Hot take: @safe wallets should have a default timelock for upgrades. It's a critical path that usurps all other security measures.

A doodler and computerer. I like permissive/permissionless open source, smart contracts, p2p systems, room-scale VR, and NixOS.

shazow.net

Currently: WhatsABI

Is that what happened with bybit?

Best resource?

Yea, blind signed a "musked" transaction (sounds like it implied it was just a swap to hot wallet) which turned out to be an upgrade in disguise.

Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…

Ben Zhou

Pragmatism (Security) at OP Labs.
Prev: ConsenSys & Coinbase.

Attribs: Friendly, curious, introverted, mid-witted.
Chans: /eth-security /maurelian /stoicism




Yea, blind signed a "musked" transaction (sounds like it implied it was just a swap to hot wallet) which turned out to be an upgrade in disguise.

https://x.com/benbybit/status/1892963530422505586