Changpeng Zhao (CZ), the founder and former CEO of the world’s largest crypto exchange, Binance, has criticized a statement issued by the digital asset multi-signature wallet provider Safe about the $1.49 billion attack on derivatives trading platform Bybit last week.
According to CZ, the statement was expected to explain what led to the hack and how the issues are being fixed. However, it raises more questions than answers. The Binance founder insisted that Safe used vague language to “brush over” the issues, making the update from the company “not that great.”
Details of Safe’s Statement
The wallet provider revealed that a forensic review discovered the attack was executed via a compromised developer machine. Notably, the Safe team intends to publish a full post-mortem report once investigations into the incident are concluded.
Safe mentioned that the notorious North Korean hacking group Lazarus, which has been identified as the entity behind the attack, is well known for sophisticated social engineering attacks. The attackers used the compromised developer’s machine to submit a proposal for a “disguised malicious transaction” targeting the Bybit Safe.
Meanwhile, the Federal Bureau of Investigation (FBI) released an announcement confirming that Lazarus was indeed behind the Bybit hack. They referred to the malicious activity as “TraderTraitor.”
The external security team that conducted the forensic review did not find any vulnerabilities in Safe’s smart contracts or the source code of the platform’s frontend services.
While the investigation is ongoing, Safe restored its services on the Ethereum mainnet with a phased rollout and eliminated the attack vector. The Safe frontend has also continued operations with additional security measures in place. Still, the wallet provider has urged users to exercise “extreme caution” when interacting with the platform.
CZ Asks Questions
In his tweet, CZ asked what “compromising a Safe {Wallet} developer machine” means. He also asked whether the machine was hacked with a virus or via a social engineering attack. He further enquired how a developer machine had access to an account operated by Bybit, and whether the machine deployed code that was compromised immediately.
The Binance founder further asked how the verification step for the Ledger crypto wallet was compromised at multiple signers, and whether the cause was blind signing or improper verification by the signers. He also raised questions about the attackers targeting only Bybit, asking if the Bybit Safe had the largest assets on the platform.
In conclusion, CZ pointed out that there were no lessons other self-custody and multi-sig wallet providers could learn from the incident.