Hot take: @safe wallets should have a default timelock for upgrades. It's a critical path that usurps all other security measures.

A doodler and computerer. I like permissive/permissionless open source, smart contracts, p2p systems, room-scale VR, and NixOS.

shazow.net

Currently: WhatsABI

Is that what happened with bybit?

Best resource?

Yea, blind signed a "musked" transaction (sounds like it implied it was just a swap to hot wallet) which turned out to be an upgrade in disguise.

Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…

Ben Zhou

Pragmatism (Security) at OP Labs.
Prev: ConsenSys & Coinbase.

Attribs: Friendly, curious, introverted, mid-witted.
Chans: /eth-security /maurelian /stoicism




Yea, blind signed a "musked" transaction (sounds like it implied it was just a swap to hot wallet) which turned out to be an upgrade in disguise.

https://x.com/benbybit/status/1892963530422505586

Ongoing investigative notes from @tayvano over here:

Ongoing investigative notes from @tayvano over here: https://github.com/tayvano/lazarus-bluenoroff-research/blob/main/hacks-and-thefts/bybit.md

More here: https://blog.trailofbits.com/2025/02/21/the-1.5b-bybit-hack-the-era-of-operational-security-failures-has-arrived/