In case anyone is interested, Bybit Hack Forensics Report:

https://docsend.com/view/s/rmdi832mpt8u93s7

TL;DR:

- Hackers injected malicious code into app.safe.global on Feb 19, 2025, targeting Bybit’s Ethereum Multisig Cold Wallet.

- The attack was triggered automatically during Bybit’s next transaction on Feb 21, 2025.

- Investigation suggests Safe.Global’s AWS or CloudFront credentials were compromised, allowing attackers to modify the JavaScript file.

- The malicious code was found in the Wayback Machine archive, confirming its legitimacy.

- Further investigation is needed to determine the full impact and root cause.

Bottom line: A supply chain attack was used to compromise a key security tool, leading to a targeted wallet exploit.

Ethereum

The ByBit hack has brought everyone's attention to frontend security. @earthfast would have prevented this issue. 🔐

In addition to decentralized frontend hosting, EarthFast protects protocol users by ensuring code authenticity .

More info on how this works below, along with an aggregation of different threads on the topic 👇

https://x.com/benbybit/status/1894768736084885929

1/

Great thread @alexgarcia 

We're working on this problem at @earthfast

Decentralize your frontend, securely.
https://earthfast.com/

Scaling Fintech, Web3 & AI Companies | @Emagine Ventures | Prev. @MoonPay

Great thread @alexgarcia 

We're working on this problem at @earthfast 

https://warpcast.com/sidsethi/0x6f7c4fd8

cofounder & coo @earthfast – building vercel for crypto. prev: founding eng @audius