It seems the truth has come to light—Safe has finally been compromised. Indeed, the smart contract part is fine (easily verifiable on-chain), but the front end was tampered with and falsified to achieve a deceptive effect. As for why it was tampered with, we’ll have to wait for the detailed disclosure from Safe’s official statement…

Safe is considered a kind of security infrastructure, so theoretically, anyone using this multi-signature wallet could potentially be robbed in a manner similar to Bybit.

What’s chilling to think about is that all other services with front ends, APIs, or user interaction interfaces might carry this same risk. This is also a classic example of a supply chain attack.

The security management model for massive/large-scale assets needs a major upgrade.