brypto

Bybit confirmed hacked. 

Withdraw all assets to be safe until this blows over.

https://x.com/benbybit/status/1892963530422505586

$1.4 BILLION worth of ETH lost in the Bybit hack

🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨 🚨  401,346 #ETH (1,133,327,423 USD) transferred from #Bybit to unknown wallet

https://t.co/z6xWcFxR4H

Whale Alert

$1.4 BILLION worth of ETH lost in the Bybit hack

https://x.com/whale_alert/status/1892942860686610609?s=46&t=LNZpH03544B952EdXOUs2w

Stay Curious // iixii // Lazer Technologies // Prev: CoinDesk, Roc Nation // based

wow its been a while, time to refresh https://rekt.news/leaderboard/

https://x.com/0xCygaar/status/1892964968611385486

Looks like safe might be the issue which is terrifying

Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…

Basically the hacker was able to attack each signer's device to make the multisig UI show something different from what was actually signed.

That's how they got the multisig to sign away the funds.

Crazy stuff.

cygaar

A doodler and computerer. I like permissive/permissionless open source, smart contracts, p2p systems, room-scale VR, and NixOS.

shazow.net

Currently: WhatsABI

hard to imagine it was the safe frontend itself, sounds like in the past the devices themselves were compromised? but let's see

we really need specialized wallets/devices just for bulletproof safe signing, the official safe mobile wallet sucks and using a random EOA wallet sucks and using a ledger sucks, it all sucks (gridplus is supposed to be better? i havent tried it)

Yeah i do think that is more likely that it was comprised on their end, it would be pretty hard to spoof that much

I think we also need more diverse/independent Safe multisig frontends, harder to write compromises/spoofing malware for N variations rather than 1.

whats the best SAFE multisig frontend today?  I've just used the main SAFE one but would love to use something better/cleaner/simpler