Friday, March 14, 2025

Bybit Hack Linked to Third-Party Vulnerability in Safe Wallet Infrastructure

Initial investigations into the Bybit security breach suggest that a third-party vulnerability was exploited, leading to the attack. While the preliminary findings have cleared Bybit of direct responsibility, cybersecurity experts believe that stronger security measures could have prevented the hack.

Safe Wallet Vulnerability at the Core of Bybit Hack

In the aftermath of the $1.5 billion Bybit hack, the exchange enlisted the help of Web3 security firms Verichains and Sygnia Labs to conduct a comprehensive investigation. Bybit CEO Ben Zhou shared insights from the interim report on X (formerly Twitter), revealing that the breach originated from a vulnerability within Safe Wallet’s infrastructure.

According to the report, the root cause of the hack was malicious code injected into the wallet’s infrastructure. Bad actors compromised the JavaScript file of app.safe.global, targeting Bybit’s Ethereum Multisig Cold Wallet. The attack was strategically timed to coincide with an upcoming Bybit transaction, maximizing its impact.

Analysts at both Verichains and Sygnia Labs believe that the hackers likely targeted Safe Global’s AWS S3 and CloudFront accounts, exploiting vulnerabilities within these cloud services.

The report also highlights evidence from Wayback Archives, which showed cached malicious files linked to Google Search integrations. Safe Wallet confirmed this in an official statement, attributing the breach to a compromised Safe developer machine.
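The failure described above is a static JavaScript file that changed in storage after it was released. The following added example (not code from Bybit, Safe, or the investigators' report) shows one way a monitor can catch that: it compares the asset bodies a CDN serves against SHA-384 digests pinned at build time. The file names, contents, and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity string (sha384-<base64>) for a file body."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def audit_assets(manifest: dict, served: dict) -> dict:
    """Compare served asset bodies with the digests pinned at build time.

    manifest: path -> SRI string recorded by the release pipeline
    served:   path -> bytes as fetched from the CDN or storage bucket
    """
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for path, pinned in sorted(manifest.items()):
        body = served.get(path)
        if body is None:
            report["missing"].append(path)
        elif hmac.compare_digest(sri_sha384(body), pinned):
            report["ok"].append(path)
        else:
            report["modified"].append(path)
    # Files the release never produced are as suspicious as changed ones.
    report["unexpected"] = sorted(set(served) - set(manifest))
    return report


# Constructed sample data: paths and contents are illustrative only.
BUILD = {
    "static/js/app.js": b"export const sign = (tx) => wallet.sign(tx);\n",
    "static/js/vendor.js": b"export const VERSION = '1.0.0';\n",
}
MANIFEST = {path: sri_sha384(body) for path, body in BUILD.items()}

# What the CDN returns later: one bundle differs from the build, one file is new.
SERVED = dict(BUILD)
SERVED["static/js/app.js"] = BUILD["static/js/app.js"] + b"// changed after release\n"
SERVED["static/js/extra.js"] = b"// not in the release manifest\n"

if __name__ == "__main__":
    for status, paths in audit_assets(MANIFEST, SERVED).items():
        print(f"{status:10s} {paths}")
```

The manifest has to be stored and signed outside the bucket and account that serve the files, otherwise whoever can change the bundle can change the pinned digest too.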

“Bybit remains committed to ensuring the highest level of security and transparency,” stated Ben Zhou. “Our preliminary forensic review indicates that Bybit’s systems were not compromised directly.”

Coordinated Response to Recover Funds and Safeguard Users

In response to the breach, Bybit quickly moved funds from its compromised Safe Wallet to minimize potential losses. The exchange successfully froze $42 million in stolen assets, thanks to coordinated efforts across the cryptocurrency industry.

To counteract the attack and prevent the Lazarus Group—a suspected hacking collective—from cashing out, Bybit launched a bounty hunt to track down the perpetrators.

In a positive development, Bybit managed to recover 100% of the lost Ethereum through a series of loans and over-the-counter (OTC) deals with industry giants such as Galaxy Digital and Wintermute. This swift and effective recovery underscores Bybit’s resilience and commitment to protecting its users.

Strengthening Security Measures and Moving Forward

The Bybit hack has highlighted the critical importance of third-party security audits and robust cybersecurity protocols. The exchange is now working closely with Verichains and Sygnia Labs to implement enhanced security measures and prevent similar breaches in the future.

This incident serves as a stark reminder of the evolving threats in the cryptocurrency space and the necessity for continuous vigilance and proactive security strategies.
