#gnosisSafe
Original post on universeodon.com

this interview w/one of the only #cybersecurity people in the crypto industry who has any idea what he's talking about goes through all the incredible failures at every level of both #Bybit & #SafeWallet (whose main product is #GnosisSafe, AKA "the most important smart contract in the […]

1.1 KEY FINDINGS
Thus far, the forensics investigation highlighted the following findings:
• Forensic investigation of all hosts used to initiate and sign the transaction revealed malicious JavaScript code injected to a resource served from Safe{Wallet}'s AWS S3 bucket.
• Resource modification time and publicly available web history archives suggest the injection of the malicious code was performed directly to Safe{Wallet}'s AWS S3 bucket.
• Initial analysis of the injected JavaScript code suggests its primary objective is to manipulate transactions, effectively changing the content of the transaction during the signing process.
• Additionally, the analysis of the injected JavaScript code identified an activation condition designed to execute only when the transaction source matches one of two contract addresses: Bybit's contract address and a currently unidentified contract address, likely associated with a test contract controlled by the threat actor.
• Two minutes after the malicious transaction was executed and published, new versions of the JavaScript resources were uploaded to Safe{Wallet}'s AWS S3 bucket. These updated versions had the malicious code removed.
• The highlighted initial findings suggest the attack originated from Safe{Wallet}'s AWS infrastructure.
• Thus far, the forensics investigation did not identify any compromise of Bybit's infrastructure.


#Bybit released the conclusions of their investigation into how they got rekt for $1.4 billion by North Korea's #LazarusGroup.

Summary:

1. (background) Bybit were dumb enough to store billions of dollars in a single wallet contract using software from a […]

[Original post on universeodon.com]


Holy shi$#, imagine needing cash stored on #gnosisSafe and all services on halt. Maybe I have to rethink decentralizing multi sig wallets. This is not decentralized at all, at least the front end. #bybit #bitcoin #crypto
