Roberto Bayardo 🎩
@bayardo.eth
The sophistication of this attack boggles the mind and should terrify any project relying on multisig ceremonies. "The malware manipulated the front-end interface of Safe{Wallet} ... displaying legitimate transaction data to the developers while executing malicious transactions in the background." I'm very interested in learning exactly how that was accomplished. https://crypto.news/post-mortem-reveals-stealthy-malware-injection-led-to-50m-radiant-capital-exploit/
3 replies
4 recasts
31 reactions
Roberto Bayardo 🎩
@bayardo.eth
The full post-mortem: https://medium.com/@RadiantCapital/radiant-post-mortem-fecd6cd38081
0 reply
0 recast
3 reactions
agusti 🐘
@bleu.eth
Inside job? Looks like great excuse 😂
1 reply
0 recast
0 reaction
Stas
@stas
Ok Roberto, please help me understand how is it possible that SAFE displays one thing while you're signing something completely different? Like I'm sorry, but how can we trust SAFE web app after this. I'm trying hard to not point fingers at how bad the SAFE UX is for a product managing a ton of tvl.
1 reply
0 recast
0 reaction