So the Bybit hack is insanely complex. For those who have not caught up, The Bybit theft is actually a Safe{Wallet} hack!

 Bybit itself was never infiltrated.

A Safe{Wallet} dev's machine was compromised by North Korean agents. Utilizing this infiltration they injected malicious JavaScript code into Safe{Wallet} hosted interface. This JavaScript specifically targeted Bybit's Safe{Wallet} address and did not interfere anywhere else, completely masking its existence until the moment its time came.

When Bybit used their Safe{Wallet} long-term storage to move funds into a hot wallet, the malicious JavaScript came to life. It manipulated the transaction BEHIND THE SCENES so that instead of whichever transaction Bybit saw on their Front End interface, the real tx sent all funds to a wallet the Attackers controlled.

INSANE. 

Bybit followed every known and widely accepted security procedure. Bybit was never infiltrated, yet lost 1.5B dollars :O