Changpeng Zhao Challenges Safe Wallet’s Explanation of Bybit Hack – CryptoMode
Former Binance CEO Changpeng Zhao (CZ) isn’t satisfied with the explanation given by Safe Wallet concerning the $1.5 billion Bybit hack. He criticized the post-mortem report, arguing that it lacks clarity and leaves critical questions unanswered.
Safe Wallet’s forensic audit attributed the breach to a compromised developer machine rather than vulnerabilities in its smart contracts. The company assured users that neither its front-end code nor its on-chain infrastructure contained security flaws. Instead, the breach allegedly originated from unauthorized access to its Amazon Web Services system, which enabled attackers to manipulate Bybit’s multi-signature wallet.
Changpeng Zhao Is Not So Convinced
Despite these assurances, CZ expressed skepticism over the findings. He criticized the report’s vague language and questioned how attackers managed to bypass multiple layers of security.
His concerns included whether social engineering, malware, or another advanced technique was used to compromise the developer’s machine. He also questioned how a single compromised machine could facilitate unauthorized transactions, raising concerns about the security protocols in place.
How the Bybit Attack Unfolded
Reports indicate that malicious JavaScript was injected into Safe’s infrastructure two days before the breach, triggering only when transactions originated from specific contract addresses linked to Bybit’s multi-signature wallet. Once the fraudulent transaction was executed, the attackers promptly removed their traces and disappeared, complicating forensic analysis.
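Because the injected script reportedly fired only for specific addresses, exercising the interface from any other wallet would look normal, whereas comparing the bytes actually served against hashes pinned at build time flags the change regardless of its trigger. The sketch below is an added example, not code from Safe, Bybit, or the reports cited here; the file names, file contents, and function names are constructed for illustration.

```python
import base64
import hashlib


def sri_sha384(data: bytes) -> str:
    """Return a Subresource Integrity style digest string for one asset."""
    digest = hashlib.sha384(data).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def pin_build(build: dict[str, bytes]) -> dict[str, str]:
    """Record the expected digest of every asset at build/release time."""
    return {path: sri_sha384(body) for path, body in build.items()}


def audit_assets(pinned: dict[str, str], served: dict[str, bytes]) -> list[tuple[str, str]]:
    """Compare what the hosting bucket serves against the pinned manifest.

    Returns sorted (path, finding) pairs; an empty list means no drift.
    """
    findings = []
    for path, expected in pinned.items():
        body = served.get(path)
        if body is None:
            findings.append((path, "missing"))
        elif sri_sha384(body) != expected:
            findings.append((path, "modified"))
    # Files present on the server that the release never shipped.
    for path in served.keys() - pinned.keys():
        findings.append((path, "unexpected"))
    return sorted(findings)


# Constructed sample data: a two-file release and a later snapshot of the
# hosting bucket in which one bundle was altered and one file was added.
BUILD = {
    "static/app.js": b"function sign(tx) { return wallet.sign(tx); }\n",
    "static/vendor.js": b"/* third-party code */\n",
}
SERVED = {
    "static/app.js": b"function sign(tx) { return wallet.sign(alter(tx)); }\n",
    "static/vendor.js": b"/* third-party code */\n",
    "static/extra.js": b"/* not part of the release */\n",
}

if __name__ == "__main__":
    manifest = pin_build(BUILD)
    for path, finding in audit_assets(manifest, SERVED):
        print(f"ALERT {finding}: {path}")
```

Run on a schedule from a host that does not share credentials with the hosting account, and keep the manifest outside that account, so that access to the bucket alone cannot rewrite both the asset and its expected hash.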
While Bybit’s core exchange infrastructure remained intact, the platform had to act quickly to stabilize its reserves. It secured funding through loans and investments to fully restore user funds, ensuring that no client assets were affected. This response helped mitigate the potential fallout from the attack but did not erase concerns about how such an exploit was possible in the first place.
The Bybit hack has cast doubt on the reliability of multi-signature wallets, which have long been considered a safer alternative to single-key storage. The attackers’ ability to bypass Ledger verification and manipulate multiple signers suggests a critical weakness in these systems.