In case anyone is interested, Bybit Hack Forensics Report:

https://docsend.com/view/s/rmdi832mpt8u93s7

TL;DR:

- Hackers injected malicious code into app.safe.global on Feb 19, 2025, targeting Bybit’s Ethereum Multisig Cold Wallet.

- The attack was triggered automatically during Bybit’s next transaction on Feb 21, 2025.

- Investigation suggests Safe.Global’s AWS or CloudFront credentials were compromised, allowing attackers to modify the JavaScript file.

- The malicious code was found in the Wayback Machine archive, confirming its legitimacy.

- Further investigation is needed to determine the full impact and root cause.

Bottom line: A supply chain attack was used to compromise a key security tool, leading to a targeted wallet exploit.

Scaling Fintech, Web3 & AI Companies | @Emagine Ventures | Prev. @MoonPay