Now that we know who's behind the Bybit attack, let's look at how the hack actually worked.

At a high level, the hack involved four broad groups of events:

1. The attacker deployed a trojan contract and a backdoor contract.

2. The attacker tricked signers of the upgradeable multisig "cold" wallet into authorizing a malicious ERC-20 transfer to the trojan contract.

3. Instead of transferring tokens, the trojan contract replaced the master copy of the actual Safe multisig implementation contract with the backdoor contract, which is solely controlled by the attacker.

4. The attacker called sweepETH and sweepERC20 to drain the wallet of all its native ETH, mETH, stETH, and cmETH tokens.
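A pre-signing check that would flag the kind of request described in step 2, as an added example that is not part of the original post: it inspects the `to`, `data` and `operation` fields of a Safe transaction before a signer approves it. It assumes the swap in step 3 went through a delegatecall (`operation` = 1), which is what lets callee code write the wallet's own storage; the post does not name the mechanism, and the function names, allowlists and addresses below are constructed for illustration.

```python
# Added example (not from the original post): pre-signing review of a Safe transaction.
ERC20_TRANSFER = "a9059cbb"   # selector of transfer(address,uint256)
CALL, DELEGATECALL = 0, 1     # values of Safe's `operation` field

def review_safe_tx(tx, known_tokens, approved_delegates):
    """Return findings a signer should resolve before approving `tx`."""
    to = tx["to"].lower()
    data = tx["data"].lower().removeprefix("0x")
    findings = []
    # A delegatecall runs the target's code against the wallet's storage,
    # so the target must be explicitly approved.
    if tx["operation"] == DELEGATECALL and to not in approved_delegates:
        findings.append("delegatecall to unapproved target")
    if data[:8] == ERC20_TRANSFER:
        # A token transfer is a plain call to a known token contract.
        if to not in known_tokens:
            findings.append("transfer() sent to a non-token address")
        if len(data) != 8 + 2 * 64:
            findings.append("transfer() calldata has unexpected length")
        if tx["operation"] == DELEGATECALL:
            findings.append("token transfer encoded as delegatecall")
    return findings

def transfer_calldata(recipient, amount):
    """ABI-encode transfer(recipient, amount) as a hex string."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + format(amount, "064x")

# Constructed placeholder addresses, not real on-chain values.
TOKEN = "0x" + "aa" * 20
TROJAN = "0x" + "bb" * 20
PAYEE = "0x" + "cc" * 20

# Constructed sample transactions: a routine transfer and a request shaped like step 2.
SAMPLE_OK = {"to": TOKEN, "operation": CALL, "data": transfer_calldata(PAYEE, 10**18)}
SAMPLE_BAD = {"to": TROJAN, "operation": DELEGATECALL, "data": transfer_calldata(PAYEE, 0)}

if __name__ == "__main__":
    for name, tx in (("routine", SAMPLE_OK), ("suspicious", SAMPLE_BAD)):
        print(name, review_safe_tx(tx, {TOKEN}, set()))
```

The check only helps if it runs on the transaction fields the hardware wallet is actually asked to sign, not on what a web interface displays.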

#BybitSecurityBreach $BTC $ETH $BNB

#VIRTUALWhale
