Safe{Wallet}

#SafeWallet • 2025-02

🇨🇭 Switzerland

Safe{Wallet} and external analyses described the Bybit incident as a targeted Lazarus/TraderTraitor attack in which a compromised Safe{Wallet} developer environment enabled malicious front-end code to alter a multisig transaction proposal. The injected JavaScript on Safe{Wallet}'s AWS S3-hosted front end showed signers the expected address while replacing the actual transaction data, causing a Bybit Safe wallet owner to authorize a transaction that redirected control and funds to the attacker before the code was quickly removed.

Related Actors

Related Reports

2026-04-21
Quill Audits
#Cryptocurrency #Whitepaper #DeFi #MoneyLaundering #Bybit #SafeWallet #DriftProtocol #KelpDAO #T1090 #T1027 #T1566 #T1195 #T1583 #T1584
2025-08-06
Netlas
#Lazarus #Bybit #SafeWallet #T1090 #T1036 #T1204.002 #T1566.001 #T1090.002 #T1588.004
#Lazarus #Bybit #SafeWallet
2025-05-06
Elastic
#TraderTraitor #Bybit #SafeWallet
2025-03-17
Sygnia
#Bybit #SafeWallet
2025-03-13
Rekt
#Bybit #SafeWallet
2025-03-12
BBC
#News #Youtube #Bybit #SafeWallet
2025-03-11
Validin
#Lazarus #Bybit #SafeWallet
2025-03-10
NCCGroup
#Bybit #SafeWallet
2025-03-06
Safe.eth
#UNC4899 #Bybit #SafeWallet
2025-02-28
Privy
#Bybit #SafeWallet
2025-02-27
Slowmist
#Bybit #SafeWallet
2025-02-27
Sygnia
#Bybit #SafeWallet
2025-02-27
Verichains
#Bybit #SafeWallet
2025-02-27
Safe.eth
#Bybit #SafeWallet
« Back