Article Author: 0x9999in1, MetaEra

On February 27th, Hong Kong time, Bybit, which experienced the largest hacking incident in history, and Safe, involved with the multi-signature wallet, released an incident investigation report. This was originally intended to be a more detailed investigation report, but it directly overturned previous preliminary judgments, pointing the finger at the official front end of Safe!

Initial Judgment: Bybit's Three Signers' Front End Was Hacked

On the day when $1.46 billion worth of cryptocurrency was stolen, a comprehensive inference from Bybit, on-chain detectives, and security experts suggested that the main reason for the theft at Bybit was that Bybit's Ethereum cold wallet was compromised by the North Korean hacker group Lazarus Group due to a malicious contract upgrade. Bybit used a Safe multi-signature wallet combined with a hardware cold wallet, which set a 3/3 signature threshold, meaning that all three private key holders must authorize simultaneously to execute any asset transfer operation. Therefore, the hackers deployed a backdoored malicious contract three days in advance, and when the signers performed their daily operations, the hackers quietly replaced the normal transaction requests with their pre-deployed malicious contracts.

This actually raised a huge question: how could the front end of Bybit's three signers be collectively tampered with? It should be noted that the three signers would involve different locations, devices, and networks, making it extremely difficult to lock down these three signers in a short period of time for collective tampering!

According to Bybit CEO Ben Zhou's recollection during a live stream on X: during the multi-signature transfer, he was the last signer, using a Ledger device, and there were issues during signing that he did not notice; the delivery address was not displayed during signing. Currently, there are a total of 4,000 withdrawal transactions waiting to be processed.

Investigation Result: Malicious Code Injected into Safe's Official Front End

In the two incident investigation reports, the North Korean hacker group Lazarus Group injected malicious code into Safe's front end, and SafeGlobal's AWS S3 or CloudFront account/API keys were leaked or stolen. Consequently, Safe's server was hacked, leading to the injection of malicious code into the webpage. All three signers from Bybit used Safe's official front end webpage, which resulted in their signature information being tampered with and subsequently stolen.

Although such a result could also lead to the possibility of Bybit's cold wallet being stolen, some raised a question: many exchanges use Safe multi-signature, so why was only Bybit hacked that day? The truth is that the hackers specifically targeted Bybit's EthereumMultisig cold wallet because there was only one opportunity to strike; if they were to steal, they aimed for a big haul.

Web3 Smart Contracts, Web2 Website Front Ends: A Makeshift Performance

Perhaps, who would have thought that the official front end website was not secure? This does not mean that Safe is inherently unsafe; there is a distinction here. Safe's smart contracts are not problematic; the issue lies with its front end. The Safe front end is developed by the Safe team and deployed on AWS (Amazon Web Services). After all, the front end webpage is a centralized application, thus carrying a centralized single point of risk. In this light, in a decentralized world, as long as there is one centralized point, such single point risks will exist.

As project teams and ordinary users, how can we avoid similar issues caused by partial centralization leading to attacks? Twitter KOL Yue Xiaoyu provided the following suggestions.

Project teams need to pay attention to three points: 1. Large assets should still use a combination of hardware wallets and multi-signatures, but hardware wallets must address the issue of blind signing, and each signer must fully understand what they are signing; 2. Multi-party verification should be conducted, preferably with an independent third-party verifier, to ensure that risks do not arise from the same issue during the multi-signature process, such as in this incident where the same front end was used for multi-signatures; 3. In the long run, it is essential to promote that all aspects of each project ensure decentralization, such as adopting decentralized front-end solutions and deploying them in decentralized storage like IPFS.

For ordinary users, he believes it is crucial to avoid using centralized trading platforms as much as possible, and proper fund isolation is also very necessary. Since the wallet addresses of exchanges are generally public and the flow of funds is also public, as long as more resources are invested in attacks, there will eventually be a day when they are breached. Therefore, the only thing we can trust is technology, not "people" or "platforms."

CZ: Five Major Questions Challenging Safe's Investigation Report

As of now, Safe has stated on social media that the attack on Bybit was achieved by compromising the devices of Safe {Wallet} developers, leading to malicious transactions disguised as legitimate transactions being submitted.

Regarding Safe's explanation, Binance founder CZ expressed on social media that the incident report released by Safe uses vague language to obscure the issues and directly raised five questions:

• What does "compromising the Safe {Wallet} developer's machine" mean? How did they hack this specific machine? Was it through social engineering, viruses, etc.?

• How did the developer's machine access "Bybit-operated accounts"? Did some code get directly deployed from this developer machine to production?

• How did they deceive the Ledger verification steps among multiple signers? Was it blind signing? Or did the signers not verify correctly?

• Is $1.4 billion the maximum address managed by Safe? Why didn't they target others?

• What can other "self-hosted, multi-signature" wallet providers and users learn from this?

To Be Continued

Although external security researchers did not find any vulnerabilities in Safe's smart contracts or the front end and service source code, X platform user 23pds (Shan Ge) revealed that through the latest code updates on Safe's GitHub, some interesting front-end updates were discovered…

Currently, the Bybit theft incident does not have a definitive conclusion, but the process and results are becoming clearer. MetaEra will continue to monitor and provide real-time updates.