According to Odaily, the security community Dilation Effect reported on the X platform that the recent Bybit incident involved a unique attack method. Unlike previous similar events, this breach required compromising only one signer, because the attacker used a 'social engineering' technique. Analysis of on-chain transactions showed that the attacker used delegatecall to execute the transfer function of a malicious contract. This transfer code used the SSTORE instruction to alter the value of slot 0, effectively changing the implementation address of Bybit's cold wallet multi-signature contract to the attacker's address. The transfer method was particularly clever, as it only required compromising the person or device initiating the multi-signature transaction. Subsequent reviewers, upon seeing the transfer, would likely lower their guard, assuming it was a standard transaction, unaware that it was actually altering the contract. The attacker's methods have evolved significantly.
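A pre-signing check that a reviewer could run against the pattern described above, as an added example that is not code from Dilation Effect, Odaily or Bybit. The proposal fields (`to`, `value`, `data`, `operation`), the operation codes and the allowlist are assumptions modelled on common multi-signature wallets, and every address is constructed.

```python
CALL, DELEGATECALL = 0, 1            # assumed operation codes (Safe-style wallets)
ERC20_TRANSFER = "a9059cbb"          # selector of transfer(address,uint256)
# Constructed allowlist: contracts this wallet is permitted to delegatecall.
ALLOWLIST = {"0x" + "aa" * 20}

def decode_transfer(data_hex):
    """Return (recipient, amount) if calldata is transfer(address,uint256), else None."""
    d = data_hex.lower()
    d = d[2:] if d.startswith("0x") else d
    if len(d) != 8 + 128 or d[:8] != ERC20_TRANSFER:
        return None
    return "0x" + d[8 + 24:8 + 64], int(d[8 + 64:], 16)

def review(tx, allowlist=ALLOWLIST):
    """List reasons a signer should stop and escalate before signing `tx`."""
    findings = []
    if tx["operation"] not in (CALL, DELEGATECALL):
        findings.append("unknown operation code")
    elif tx["operation"] == DELEGATECALL:
        # Under delegatecall the target's code runs against the wallet's own
        # storage, so it can write slot 0 whatever the function is named.
        if tx["to"].lower() not in allowlist:
            findings.append("delegatecall to a contract outside the allowlist")
        if decode_transfer(tx["data"]) is not None:
            findings.append("calldata reads as a token transfer but is delegatecalled")
    return findings

def _transfer_calldata(recipient, amount):
    """Build transfer(address,uint256) calldata for the constructed samples."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + format(amount, "064x")

# Constructed proposals: identical calldata, different operation and target.
CALLDATA = _transfer_calldata("0x" + "bb" * 20, 10**18)
ROUTINE = {"to": "0x" + "cc" * 20, "value": 0, "data": CALLDATA, "operation": CALL}
SUSPECT = {"to": "0x" + "dd" * 20, "value": 0, "data": CALLDATA, "operation": DELEGATECALL}

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(name, decode_transfer(tx["data"]), review(tx))
```

Both proposals decode to the same recipient and amount; only the `operation` field and the target address separate them, which is why the check runs on those fields rather than on the decoded function name.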