A Cryptocurrency Clash: Bybit vs. Safe Custody in $1.5B Hack Dispute
In the fast-paced world of cryptocurrency, a recent $1.5 billion hack has sparked a heated dispute between two major players: Bybit and Safe Custody. The drama unfolding between these industry giants closely resembles a similar showdown last July between WazirX and Liminal Custody, who pointed fingers at each other after a $230 million exploit.
Bybit, a prominent cryptocurrency exchange, has released a detailed forensic review of the hack, shedding light on the incident. According to Bybit’s findings, their systems were not breached, and the root of the problem seemed to lie in compromised Safe wallet infrastructure. The forensic review indicated that the hack was made possible by the compromised credentials of a Safe developer, allowing the notorious Lazarus hacking group to gain unauthorized access to the Safe wallet. Subsequently, Bybit staff were deceived into signing off on a malicious transaction.
However, an insider familiar with the situation shared with CoinDesk that while the wallet’s infrastructure was indeed compromised through social engineering, the hack would not have been successful if Bybit had not blindly approved the transaction. This practice, known as “blind signing,” involves approving a smart contract transaction without fully understanding its contents.
Safe, on the other hand, clarified in a statement that their smart contracts remained unaffected by the breach. They revealed that the attack was carried out by compromising a Safe developer’s machine, which impacted an account operated by Bybit. Additionally, Safe emphasized that a forensic review conducted by external security researchers found no vulnerabilities in their smart contracts or the source code of their frontend and services.
The ongoing exchange of accusations and explanations between Bybit and Safe Custody echoes the previous dispute between WazirX and Liminal Custody, highlighting the contentious nature of the cryptocurrency industry when security breaches occur.
Laundering Attempts and Tainted Wallets
Analyzing on-chain data, ZachXBT has uncovered that the Lazarus group is actively attempting to launder the stolen funds from the hack. Currently, 920 wallets have been tainted with the ill-gotten gains, indicating the scale of the operation. Interestingly, these funds have been mixed with stolen assets from previous hacks targeting Phemex and Poloniex, linking the Lazarus Group to multiple high-profile incidents.
Oliver Knight, a key figure in the CoinDesk data tokens and data team, brings valuable insight into the situation. With a background in cryptocurrency and market making, Knight’s expertise sheds light on the complexities of the ongoing dispute between Bybit and Safe Custody. Knight’s experience investing in bitcoin since 2013 gives him a unique perspective on the evolving landscape of digital assets and security challenges faced by industry players.
As the cryptocurrency community grapples with the fallout of the $1.5 billion hack and the ensuing dispute between Bybit and Safe Custody, the need for enhanced security measures and transparency in the industry becomes more apparent than ever. The intricacies of these high-stakes battles underscore the importance of vigilance and collaboration in safeguarding digital assets against malicious actors.
With the fate of billions of dollars hanging in the balance, the cryptocurrency world watches closely as Bybit, Safe Custody, and other industry players navigate the aftermath of this monumental hack. As investigations continue and tensions escalate, the true impact of the breach and the subsequent fallout remain to be seen. Stay tuned for the latest developments in this unfolding saga, as the battle for security and accountability in the digital realm rages on.