ChainCatcher news, Bridgewater founder Dalio recently stated that the current global monetary system is based on debt, and governments may devalue their currencies through inflation or low-interest rate policies. Investors should consider whether there is an alternative currency that does not rely on debt and is relatively stable. He believes Bitcoin could be one of the candidates and may play an important role in the future, but emphasized that "money is essentially also debt," and a true alternative currency still needs further exploration.Dalio pointed out that Bitcoin's advantage as a safe-haven asset lies in its strong liquidity; unlike real estate, it is not fixed in one place, making it harder to tax or confiscate. However, he also stressed that the diversity and robustness of investments are more important.When asked about his views on gold, Dalio stated that he is more optimistic about gold than ever before, but advised investors to remain restrained. He believes the future is full of uncertainties, and investors need to build a diversified portfolio to cope with it. He suggested a "cautious" gold allocation of 10% to 15%, which can provide protection while avoiding excessive reliance on a single asset. He emphasized that a reasonable asset allocation is an important strategy to deal with future uncertainties.

ChainCatcher message, Safe announced in a post on X that its wallet service has resumed on chains such as World, Mantle, Scroll, ZKsync, and Polygon. It is currently steadily restoring network support to ensure a secure and stable launch while expanding access.

ChainCatcher message, Safe states that the Safe{Wallet} team has been working with Mandiant over the past few days to conduct a comprehensive forensic investigation and security audit regarding the Bybit hacking incident. Safe emphasizes that its team is committed to transparency. Mandiant's preliminary report results will be published next week.

ChainCatcher message, Web3 security company Slow Mist posted on the X platform to remind users that the "Safeguard" variant attack is spreading on Telegram. Users need to be aware of randomly sent false "account risk" messages and pushed false security checks. The attack process is as follows:A Telegram message is sent to you;You are induced to "verify" certain information;You enter the login verification code;Your session information is obtained;Your account is then stolen.Next, the scammers will search for private keys in your chatbot. If they completely take over your account, they will also impersonate you to scam your friends.

ChainCatcher message, the encrypted wallet Safe{Wallet} announced on social media that it has resumed operations on the Arbitrum network. Its team will restore access to more networks, prioritizing those that are most active and directly impactful to users, with more networks set to resume support soon.

ChainCatcher news, Slow Mist posted on platform X stating that the devices of Safe developers were compromised, leading to the injection of malicious code into the frontend, which intercepted and modified transaction parameters. After a quick verification, it was found that there was indeed malicious code behind the js files of the Safe frontend, and the related address (0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516) is involved in the malicious execution contract that siphoned off 1.5 billion assets from ByBit.

ChainCatcher news, according to ICP founder Dominic Williams, a North Korean hacker group recently successfully stole $1.5 billion from Bybit, primarily by exploiting a vulnerability in the web interface of Safe { Wallet }, which is hosted in the cloud rather than on a smart contract.Williams criticized some Web3 projects for operating only on "fake onchain," leading to security risks, and suggested using ICP (Internet Computer) for on-chain computation, data storage, and user experience validation to enhance security. He proposed migrating Safe { Wallet } to ICP and adopting cryptographic authentication mechanisms and multi-party consensus governance (such as SNS DAO) to strengthen security.

ChainCatcher news, Safe investor Hasu posted on social media stating that although the Bybit theft was due to the Safe frontend rather than an intrusion into Bybit's infrastructure, Bybit's infrastructure was also insufficient to monitor such a simple hacking attack. When transferring funds exceeding $1 billion, there is no reason not to verify the integrity of the message on a second offline machine. If the blame is placed on SAFE instead of Bybit here, it completely learns the wrong lesson.In response, Wintermute founder wishfulcynic.eth stated that his remarks are somewhat misleading and distort the facts (gaslighting).Hasu countered his series of comments by saying that evaluating whether Safe was at fault in the incident is a difficult question to answer (not because he is an investor in Safe). Safe provided a solution through a centralized frontend, but it should never be completely relied upon. He believes that Safe's biggest problem is not collaborating with large capital clients to provide them with security education. The intrusion of Safe developers' devices is also one of the issues, but learning lessons from it is what matters most.

ChainCatcher message, Slow Mist Yu Xian posted on platform X stating that Safe has ultimately been breached. The smart contract part is indeed fine (easily verifiable on-chain), but the front end was tampered with and forged to achieve a deceptive effect.As for why it was tampered with, we will wait for the official details from Safe. Safe can be considered a type of security infrastructure; theoretically, anyone using this multi-signature wallet could be stolen from, similar to Bybit. All other services with front ends, APIs, and user interaction may carry this risk as well. This is also a classic supply chain attack, and the security management model for large/huge assets needs a significant upgrade.

ChainCatcher message, Binance founder Zhao Changpeng stated that he usually does not criticize other industry participants, but the incident report released by Safe uses vague language to obscure the issues. After reading it, there are more questions than answers, and the questions that come to mind include:--- What does "compromising the Safe {Wallet} developer machine" mean? How did they compromise this specific machine? Was it social engineering, a virus, etc.?--- How did the developer machine access "accounts operated by Bybit"? Did some code get deployed directly from this developer machine to prod?--- How did they deceive the Ledger verification steps among multiple signers? Was it a blind sign? Or did the signers fail to verify correctly?--- Is $1.4 billion the largest address managed using Safe? Why didn't they target others?--- What can other "self-custody, multi-signature" wallet providers and users learn from this?

ChainCatcher news, Safe responded on platform X to Bybit's hacking forensic report, stating that the forensic review of the targeted attack by the Lazarus Group on Bybit concluded that the attack on Bybit Safe was executed through compromised Safe{Wallet} developer machines, leading to disguised malicious transactions.Lazarus is a government-backed North Korean hacking organization known for its complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities. The forensic review by external security researchers did not indicate any vulnerabilities in the Safe smart contracts or the source code of the front end and services.Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and has now phased the restoration of Safe{Wallet} on the Ethereum mainnet. The Safe{Wallet} team has completely rebuilt and reconfigured all infrastructure and rotated all credentials to ensure the complete elimination of the attack vector.After the final results of the investigation are released, the Safe{Wallet} team will publish a complete post-mortem analysis. The Safe{Wallet} front end is still operational and has implemented additional security measures. However, users need to be extra cautious and vigilant when signing transactions.

ChainCatcher message, Slow Mist stated that on February 21, 2025, Bybit's on-chain multi-signature wallet was targeted and breached, with nearly $1.5 billion in assets quietly lost through a transaction with a "legitimate signature." Subsequent on-chain analysis revealed that the attacker gained multi-signature permissions through sophisticated social engineering attacks, implanted malicious logic using the delegatecall function of the Safe contract, and ultimately bypassed the multi-signature verification mechanism to transfer funds to an anonymous address. "Multi-signature" does not equal "absolute security"; even a secure mechanism like the Safe multi-signature wallet can still be at risk of being compromised if lacking additional protective measures.Bybit is using version v1.1.1 (<1.3.0) of the Safe contract, which means they cannot utilize the Guard mechanism, a key security feature. If Bybit had upgraded to version 1.3.0 or higher of the Safe contract and implemented an appropriate Guard mechanism, such as specifying a whitelist address for receiving funds and conducting strict contract function ACL verification, they might have been able to avoid this loss. Although this is merely a hypothesis, it provides important insights for future asset security management.

ChainCatcher message, according to Infini founder Christian's post on X, "Of the 50 million dollars stolen, seventy percent belongs to large friends I know personally. I have already communicated with each of them and will personally bear the possible losses and settle privately. The remaining funds will be reinvested into the infini vault before next Monday, and everything will continue as usual. The funds are ready, and I will respond to any withdrawal requests in the meantime, so please rest assured.I apologize for the need for some time to upgrade and restart the business; everything will proceed under the premise of ensuring the absolute safety of the funds."