The Bybit theft incident has a suspenseful reversal! Is the Safe official front-end the culprit?

Article author: 0x9999in1, MetaEra

In the early morning of February 27th, Hong Kong time, Bybit, which was involved in the largest hacker theft in history, and Safe, which involved a multi-signature wallet, released an accident investigation report. This was originally a more detailed investigation report, but the report directly overturned the previous preliminary judgment and pointed the finger at the official front end of Safe!

Initial judgment: The front-end of three Bybit signers was hacked

On the day when $1.46 billion of cryptocurrency was stolen, Bybit, on-chain detectives, and security experts concluded that the main reason for the theft of Bybit was that Bybit's Ethereum cold wallet was stolen by the North Korean hacker group Lazarus Group due to a malicious contract upgrade. Bybit uses the Safe multi-signature wallet combined with a hardware cold wallet. This solution sets a 3/3 signature threshold, which means that all three private key holders must authorize at the same time to perform any asset transfer operation. So the hacker deployed a malicious contract with a backdoor 3 days in advance. When the signer was performing daily operations, the hacker quietly replaced the normal transaction request with the malicious contract they had deployed in advance.

This actually raises a huge question: the front-end of Bybit’s three signers was actually collectively tampered with. However, you must know that the three signers will be involved in different locations, different devices, and different networks. It is necessary to lock these three signers in a short period of time, and collective tampering is too difficult!

According to Bybit CEO Ben Zhou's recollection in the X live broadcast: he was the last to sign the multi-signature transfer, and he used a Ledger device. There was a problem when signing but he didn't pay attention to it. The delivery address was not displayed when signing. Currently, there are 4,000 withdrawal transactions waiting to be processed.

Investigation results: Malicious code was injected into the Safe official front end

In two accident investigation reports, the North Korean hacker group Lazarus Group injected malicious code into Safe's front end, and SafeGlobal's AWS S3 or CloudFront account/API key was leaked or stolen. As Safe's server was hacked, malicious code was implanted in the web page, and Bybit's three signers all used Safe's official front-end web page, which was tampered with and stolen after the signature information was stolen.

Although this may also lead to the possibility of theft of Bybit's cold wallet, some people have raised the following question: many exchanges use safe multi-signature, why was only Bybit hacked that day? The truth is that hackers targeted Bybit's EthereumMultisig cold wallet, because there is only one chance to steal, and if they want to steal, they have to steal a large amount.

Web3 smart contracts and Web2 website front-ends: a grass-roots troupe performing

Perhaps, who would have thought that the official front-end website is not safe? This does not mean that Safe is no longer safe. There are some differences. There is no problem with the smart contract of Safe itself, but the problem is its front-end. The Safe front-end is developed by the Safe team and deployed on AWS (Amazon Cloud). After all, the front-end webpage is a centralized application, so there is a centralized single point risk. In this way, in the decentralized world, as long as there is a centralized point, there will be such a single point risk.

As a project owner and ordinary user, how can we avoid attacks caused by partial centralization like this one? Twitter KOL Yue Xiaoyu gave the following suggestions.

Project parties need to pay attention to three points: 1. Large assets still need to use a combination of hardware wallets and multi-signature solutions, but hardware wallets need to solve the problem of blind signatures, and each signer must fully understand what he is signing; 2. Multi-party verification is required, and it is best to have an independent third-party verifier. This can ensure that the multi-signature link will not cause risks due to the same problem. For example, the same front-end was used for multiple signatures in this incident; 3. In the long run, it is still necessary to promote all links in each project party to ensure that they are decentralized. For example, the front-end should adopt a decentralized front-end solution and be deployed in some decentralized storage, such as IPFS.

For ordinary users, he believes that it is necessary to avoid using centralized trading platforms as much as possible and to isolate funds. Because the wallet addresses of exchanges are basically public, and the flow of funds is also public, as long as more resources are invested in attacks, there will be a day when they will be breached. Then, the only thing we can trust is technology, not "people" or "platforms."

CZ: Five major questions about Safe's investigation report

As of now, Safe has stated on social media that the attack on Bybit was achieved by hacking into the devices of Safe {Wallet} developers, resulting in malicious transactions disguised as legitimate transactions being submitted.

In response to Safe’s explanation, Binance founder CZ posted on social media that the incident report released by Safe used vague language to cover up the problem and directly raised five questions:

What does "compromise the Safe {Wallet} developer machine" mean? How did they hack into this particular machine? Was it social engineering, viruses, etc?

・How can a developer machine access "Bybit operated account"? Some code is deployed directly to prod from this developer machine?

How did they trick the Ledger verification step with multiple signers? Was it blind signatures? Or did the signers not verify correctly?

Is $1.4 billion the largest address managed using Safe? Why don’t they target others?

What can other “self-custodial, multi-signature” wallet providers and users learn from this?

To be continued

Although the review by external security researchers did not find any vulnerabilities in the Safe smart contract or front-end and service source code, X platform user 23pds (Shan Ge) revealed that through the latest code update of Safe on GitHub, some interesting front-end updates were found...

At present, the Bybit theft incident has not been completely concluded, but the process and results are becoming clearer. MetaEra will continue to pay attention and update in real time.