This is a segment of the LightSpeed Newsletter. To read the complete edition, Subscribe.
Yesterday, BYBIT CEO Ben Zhou posted to X that the platform’s $1.4 billion hack was caused by “malicious code derived from Safe {Wallet}’s infrastructure.” Solana’s CEO had many words, including “nightmare season,” “holy hell,” and “holy shit.”
Preliminary reports show that Safe’s frontend was exploited by Trick Bybit to sign malicious transactions, and Safe’s actual smart contracts appeared to work as intended. Still, foul language can come from the fact that wallets are exploitable. Hackers have access to many assets. SAFE Smart Accounts secure over $100 billion in digital assets.
In other words, hackers can go ahead of the Bybit.
The team, a multi-sig wallet used by many well-known Solana teams, including Helium, Camino, Pis, Helius, Drift, Jupiter and Ellipsis, “we are conducting a comprehensive review of our infrastructure to mitigate the possibility of such attacks,” CEO Stepan Simkin told me.
Simkin emphasized that “high-value accounts” require dedicated wallet solutions, as sophisticated hackers “can breach the front-end.”
According to a report from blockchain security company Slowmist, the Bybit hacker, who is currently accused of linking to North Korea, injected malicious code into Safe’s JavaScript file, altered Bybit’s multi-sig transactions, and sent the funds to the attacker’s address. The crypto industry has put a lot of effort into auditing smart contracts, but it focuses on “traditional infrastructure.”
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
