SafeWallet Vulnerability Creates Opportunity for Bybit Hack: Alarm Bell for Crypto Ecosystem

The recent Bybit hack has shocked the community with a total loss of up to 1.46 billion USD. According to the investigation report from Bybit CEO Ben Zhou, this incident did not originate from a vulnerability inside the exchange but from Safe{Wallet}, a multisig wallet platform trusted by many projects.

How the Lazarus hacker group attacked
The investigation report shows that the Lazarus hacker group exploited a vulnerability in the Safe{Wallet} infrastructure to carry out a targeted attack on Bybit. Specifically, the hacker group:

- Infiltrated a Safe member's device, thereby gaining access to the AWS S3 data storage system.

- Inserted malicious JavaScript code into Safe, directly targeting Bybit to create fake transactions.

- Made a single transaction, successfully withdrawing $1.46 billion from Bybit.

Investigation from security firm Sygnia also showed that the malware only activated when the transaction originated from Bybit's wallet address, indicating that Lazarus had planned the attack in advance.
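
The tampering described above was a change to JavaScript files after they had been released. As an added example (not Safe's or Bybit's code), the following Python check compares the assets a site is serving against digests recorded at build time; the file names and contents are constructed, and fetching the files from storage is left out, so it runs on in-memory bytes.

```python
import base64
import hashlib


def sri_digest(data: bytes) -> str:
    """Return the Subresource Integrity string (sha384) for one asset."""
    raw = hashlib.sha384(data).digest()
    return "sha384-" + base64.b64encode(raw).decode("ascii")


def build_manifest(assets: dict[str, bytes]) -> dict[str, str]:
    """Record one digest per asset at release time."""
    return {path: sri_digest(body) for path, body in assets.items()}


def audit_deployment(manifest: dict[str, str],
                     served: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare what is served now with what was released."""
    findings = {"modified": [], "unexpected": [], "missing": []}
    for path, body in served.items():
        if path not in manifest:
            findings["unexpected"].append(path)   # file never released
        elif sri_digest(body) != manifest[path]:
            findings["modified"].append(path)     # content changed after release
    findings["missing"] = [p for p in manifest if p not in served]
    for paths in findings.values():
        paths.sort()
    return findings


def is_clean(findings: dict[str, list[str]]) -> bool:
    """True only when no category has an entry."""
    return not any(findings.values())


# Constructed sample data: two released files, then the same bucket later.
RELEASED = {
    "static/app.js": b"function buildTx(tx) { return tx; }\n",
    "static/vendor.js": b"/* third-party code */\n",
}
SERVED = {
    "static/app.js": RELEASED["static/app.js"] + b"/* constructed: added after release */\n",
    "static/vendor.js": RELEASED["static/vendor.js"],
    "static/extra.js": b"/* constructed: file absent from the release */\n",
}

if __name__ == "__main__":
    for kind, paths in audit_deployment(build_manifest(RELEASED), SERVED).items():
        print(f"{kind}: {paths}")
```

The manifest has to be stored and checked from somewhere the asset storage credentials cannot write; otherwise whoever can change the files can change the digests too.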

Safe restructures the entire system
After the attack, Safe{Wallet} conducted a comprehensive audit, restructured the infrastructure, and changed all authentication information. Safe also pledged to improve the transaction verification system to protect users from similar attacks.

Currently, Safe{Wallet} on the Ethereum mainnet has been restored with enhanced security measures. The project team also promised to release a detailed report on the incident after the final investigation results.

Concerns about similar attacks
Safe{Wallet} currently holds total assets of up to $71.44 billion. Therefore, the community is concerned that if a similar vulnerability occurs, not only Bybit but many other platforms may also become targets.

However, it is important to note that there is no vulnerability in Safe's smart contract or source code. The attackers only used the injected JavaScript code to manipulate Bybit's transactions and could not penetrate Safe's core system.

Many experts believe that this incident is not only a problem for Safe but also a general warning for the entire ecosystem. Security platforms, especially projects using multisig wallets and centralized custody services, need to be more vigilant and regularly check their systems to prevent similar risks.

Bybit resolutely deals with hackers
Immediately after the incident, Bybit affirmed that users will not suffer any losses. At the same time, the exchange also launched a reward program to track down the Lazarus hacker group:

- Offer a reward of 10% of the value of the stolen funds to anyone who recovers the assets.

- 5% reward for exchanges or organizations that help freeze hackers' assets.

To date, Bybit has recovered $100 million, including $43 million in mETH. The exchange has also taken out bridge loans to ensure a 1:1 ratio on customer assets.

Bybit CEO Ben Zhou affirmed: "We will not stop until Lazarus is eliminated."

Summary
The Bybit hack has brought the community's concerns about security in the crypto space into focus. The investigation report confirmed that the fault did not come from Bybit but from a vulnerability in Safe{Wallet}, which allowed the Lazarus hacker group to carry out a targeted attack.

Bybit is working to recover assets and track down the perpetrators, while Safe has implemented new security measures to prevent future risks. However, this incident still serves as a strong warning to the entire ecosystem about the potential risks in multisig and centralized custody solutions.
