Zhao Changpeng: The wording of Safe's incident report is vague, and multiple issues remain unexplained
ChainCatcher message: Binance founder Zhao Changpeng stated that he usually does not criticize other industry participants, but the incident report released by Safe uses vague language to obscure the issues. After reading it, there are more questions than answers, and the questions that come to mind include:
--- What does "compromising the Safe {Wallet} developer machine" mean? How did they compromise this specific machine? Was it social engineering, a virus, etc.?
--- How did the developer machine access "accounts operated by Bybit"? Did some code get deployed directly from this developer machine to prod?
--- How did they deceive the Ledger verification steps among multiple signers? Was it a blind sign? Or did the signers fail to verify correctly?
--- Is $1.4 billion the largest address managed using Safe? Why didn't they target others?
--- What can other "self-custody, multi-signature" wallet providers and users learn from this?