Cryptocurrency Exchange Bybit has published a forensic review of the Hack of $ 1.5 billion last week, revealing that its systems had not infiltrated and that the problem seemed to have arisen from a committed safe wallet infrastructure.
Bybit concluded from the review that “the credentials of a safe developer were committed”, which allowed the Piracy Group of Lázaro to obtain unauthorized access to the safe wallet and, later, deceive Bybit staff to sign the malicious transaction.
However, a person familiar with the matter told Coindesk that, despite the fact that the wallet infrastructure was compromised by social engineering, the trick would not have been possible if it had not been done by Bybit not “blind signed” the transaction. The term refers to a mechanism in which an intelligent contract transaction is approved without an integral knowledge of its content.
Safe also issued a statement saying that “safe intelligent contracts [were] Not affected, an attack was made to compromise a safe wallet developer machine that affected a Bybit operated account. “He also noted that a” forensic review of external security investigators did not indicate any vulnerability in safe intelligent contracts or the border source code and services. “
The apparent round trip between both companies reflects that of Wazirx and Liminal custody, which was blamed for each other after an exploit of $ 230 million last July.
The data in the chain analyzed by Zachxbt shows that Lázaro is trying to wash the stolen funds, with 920 wallets that are currently contaminated with the poorly obtained profits. The funds, perhaps inadvertently, have combined with stolen hacks aimed at Phemex and Poloniex, linking Lázarus Group with all three.
Read more: Bybit declares ‘war against Lazarus’ while recruiting the effort to freeze stolen funds
