Multisig wallet Safe: North Korean hacker group TraderTraitor was behind the earlier attack
Golden Finance reported that Safe, the multisig wallet, announced on X that its security investigation, conducted jointly with Mandiant (now part of Google Cloud), has made critical progress and confirmed that the February 21 attack was carried out by the North Korean hacker group TraderTraitor (UNC4899), which has previously launched multiple attacks on the crypto industry. The hackers gained critical access by compromising Safe{Wallet} developers' computers and hijacking AWS session tokens, which let them bypass multi-factor authentication (MFA). Safe said that despite the impact of the attack, the smart contracts were not damaged, the system has been completely reset, and stricter security measures have been implemented, including:
- Infrastructure reset: Regenerate all credentials, reset clusters, rotate keys and secrets, and redeploy container images.
- External access restrictions: Temporarily block external access to the transaction service, allow only internal communication, and tighten firewall rules.
- Malicious transaction detection upgrade: Work with Blockaid to strengthen transaction monitoring and add risk flags for Safe account master upgrades.
- Real-time monitoring enhancements: Improve logging and threat detection capabilities to respond to security incidents faster.
- Pending transactions cleanup: Clear all pending transactions in the database to prevent potential security risks.
- UI and security verification tool improvements: Introduce Safe Utils as a third-party transaction verification tool, with plans to provide a version of Safe{Wallet} that is fully hosted on IPFS.