Bybit, the world’s second-largest cryptocurrency exchange by trading volume, today issued an important update to the community on the ongoing forensic investigation into the recent security incident. Our preliminary findings reaffirm the integrity of Bybit's infrastructure while providing crucial insights into the nature of the attack.
The forensic review into the targeted attack by the Lazarus Group concluded that the credentials of a Safe developer were compromised. This allowed the attacker to gain unauthorized access to the Safe{Wallet} infrastructure and totally deceive signers into approving a malicious transaction.
Bybit had engaged third-party forensic experts, including Verichains and Sygnia Labs, to conduct an independent review. Both forensic experts have found no indications of any compromise within Bybit’s infrastructure as confirmed in SAFE’s own statement relating to the compromise of its own environment.
Third-party reports can be downloaded here: https://docsend.com/view/s/rmdi832mpt8u93s7
Bybit's Immediate Response and Future Measures
Bybit had moved the majority of funds out of its Safe Wallet administered addresses on the day of the incident. Ensuring the safety and security of our users remains our top priority. We actively evaluate alternative wallet solutions for custody that meet the highest security standards.
Bybit is and remains 100% secure. Our preliminary forensics experts have concluded that our infrastructure was not compromised. We will continue to enhance our security measures and collaborate with top security experts to uphold our commitment to user safety.
Statement from Ben Zhou, Co-founder and CEO of Bybit:
"Bybit remains steadfast in our commitment to security and transparency. The preliminary forensic review finds that our system was not compromised. While this incident underscores the evolving threats in the crypto space, we are taking proactive steps to reinforce security and ensure the highest level of protection for our users."
#Bybit / #TheCryptoArk