Forensic Trail Links Bybit’s $1.4 Billion Hack to Modified Code in Safe Wallet – CryptoMode

Bybit, the cryptocurrency exchange that saw hackers steal around $1.4 billion from it after compromising an ETH cold wallet, has found that the security breach resulted from a malicious modification of JavaScript code hosted in Safe Wallet’s Amazon Web Services (AWS) S3 bucket.
The injected code, according to a preliminary analysis, was designed to manipulate transaction data during the signing process, targeting specific contract addresses, including Bybit’s.
The breach involved a sophisticated manipulation of a multisignature transaction facilitated through the popular Safe Wallet platform. A threat actor, according to Bybit, intercepted the transaction process, altered its parameters, and subsequently transferred the funds to a wallet under their control.
“The preliminary forensic review finds that our system was not compromised,” said Ben Zhou, Co-founder and CEO of Bybit, in a statement. “While this incident underscores the evolving threats in the crypto space, we are taking proactive steps to reinforce security and ensure the highest level of protection for our users.”
Evidence presented by Bybit indicates that the malicious code was introduced on February 19, two days before the cryptocurrency exchange was hacked. Forensic analysis of Chrome browser cache files from the signers’ systems corroborated the presence of the compromised code at the time of the transfer.
Furthermore, public web archives captured snapshots of Safe Wallet’s JavaScript resources, confirming the presence of the malicious code, according to the forensic experts, including Verichains and Sygnia Labs.
Bybit Hackers Compromised Safe Wallet’s AWS
Notably, the exchange reported that new versions of the affected JavaScript files, devoid of the injected code, were uploaded to Safe Wallet’s Amazon Web Services S3 bucket shortly after the fraudulent transaction, suggesting an attempt to obscure the breach.
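The way the forensic trail above is assembled, hashing every captured copy of the hosted bundle, comparing it to a pinned known-good build, looking for address literals that a legitimate rebuild would not introduce, and locating the window between the first deviating capture and the later restore, can be shown as a small audit script. This is an added example, not code from the article, from Bybit, or from Safe Wallet; the snapshot sources, capture dates, bundle text and the 0x1111… address are constructed placeholders that only mirror the timeline the article describes.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Hex-encoded 20-byte EVM address literal inside JavaScript source.
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")


@dataclass(frozen=True)
class Snapshot:
    """One captured copy of a hosted JS resource (archive crawl or browser cache)."""
    source: str    # hypothetical labels such as "web-archive" or "chrome-cache"
    captured: str  # ISO date of the capture (constructed sample values)
    content: str   # JavaScript text as served


def sha256_hex(text: str) -> str:
    """SHA-256 digest of the resource body; this is the value a defender pins."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def matches_pin(snapshot: Snapshot, pinned_hash: str) -> bool:
    """True when the captured body equals the known-good build."""
    return sha256_hex(snapshot.content) == pinned_hash


def new_addresses(baseline: str, candidate: str) -> set[str]:
    """Address literals present in candidate but absent from baseline.

    A legitimate rebuild rarely adds hard-coded addresses, whereas a payload
    that singles out specific contracts has to carry them somewhere.
    """
    base = {a.lower() for a in ADDRESS_RE.findall(baseline)}
    cand = {a.lower() for a in ADDRESS_RE.findall(candidate)}
    return cand - base


def find_tamper_window(snapshots: list[Snapshot], pinned_hash: str) -> tuple[Optional[str], Optional[str]]:
    """Return (first capture that deviates, first capture restored afterwards).

    Snapshots must be ordered by capture time. Either element is None when
    no deviation, or no restoration after it, is observed.
    """
    first_bad: Optional[str] = None
    restored: Optional[str] = None
    for snap in snapshots:
        good = matches_pin(snap, pinned_hash)
        if first_bad is None and not good:
            first_bad = snap.captured
        elif first_bad is not None and restored is None and good:
            restored = snap.captured
    return first_bad, restored


def audit(snapshots: list[Snapshot], baseline: str) -> list[dict]:
    """Per-snapshot findings: hash match plus any newly introduced address literals."""
    pinned = sha256_hex(baseline)
    return [
        {
            "source": s.source,
            "captured": s.captured,
            "matches_pin": matches_pin(s, pinned),
            "new_addresses": sorted(new_addresses(baseline, s.content)),
        }
        for s in snapshots
    ]


# --- constructed sample data (not Safe Wallet's code, not the real payload) ---
KNOWN_GOOD_JS = """// constructed baseline bundle
function buildTx(to, value, data) { return { to: to, value: value, data: data }; }
"""

TAMPERED_JS = """// constructed tampered bundle: adds a hard-coded target and a branch on it
var TARGET = "0x1111111111111111111111111111111111111111";
function buildTx(to, value, data) {
  if (to.toLowerCase() === TARGET) { /* parameters altered here */ }
  return { to: to, value: value, data: data };
}
"""

# Capture dates are constructed to mirror the timeline in the article:
# clean before the 19th, tampered on the 19th and on the day of the transfer,
# then a clean version reappears shortly afterwards.
SNAPSHOTS = [
    Snapshot("web-archive", "2025-02-18", KNOWN_GOOD_JS),
    Snapshot("web-archive", "2025-02-19", TAMPERED_JS),
    Snapshot("chrome-cache", "2025-02-21", TAMPERED_JS),
    Snapshot("web-archive", "2025-02-22", KNOWN_GOOD_JS),
]

if __name__ == "__main__":
    for row in audit(SNAPSHOTS, KNOWN_GOOD_JS):
        print(row)
    print("tamper window:", find_tamper_window(SNAPSHOTS, sha256_hex(KNOWN_GOOD_JS)))
```

In practice the pinned hash comes from the build pipeline (or a Subresource Integrity digest on the script tag), the archive copies from a public crawler, and the cache copies from the signers' browser profiles; the same two checks, hash mismatch and newly introduced address literals, are what turn a pile of snapshots into the dated window the investigators reported.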
The incident underscores the reliance of cryptocurrency exchanges on third-party services and the potential vulnerabilities inherent in those systems. The investigation has, thus far, found no evidence of a compromise within Bybit’s own infrastructure.