The sophistication of this attack boggles the mind and should terrify any project relying on multisig ceremonies.

"The malware manipulated the front-end interface of Safe{Wallet} ... displaying legitimate transaction data to the developers while executing malicious transactions in the background."

I'm very interested in learning exactly how that was accomplished.

The sophistication of this attack boggles the mind and should terrify any project relying on multisig ceremonies.

"The malware manipulated the front-end interface of Safe{Wallet} ... displaying legitimate transaction data to the developers while executing malicious transactions in the background."

I'm very interested in learning exactly how that was accomplished.

https://crypto.news/post-mortem-reveals-stealthy-malware-injection-led-to-50m-radiant-capital-exploit/

Eng @ Coinbase, working on Base
https://bayardo.org

Ok Roberto, please help me understand how is it possible that SAFE displays one thing while you're signing something completely different?

Like I'm sorry, but how can we trust SAFE web app after this.

I'm trying hard to not point fingers at how bad the SAFE UX is for a product managing a ton of tvl.

Looks like safe is not what the attacker exploited. safe generated the desired transaction — the attacker compromised the signing device and tricked the users into signing malicious txs

Looks like safe is not what the attacker exploited. safe generated the desired transaction — the attacker compromised the signing device and tricked the users into signing malicious txs

https://x.com/safe/status/1847253904246878553?s=46&t=FJ9Ia-2v_9ftxl0My0axTg