According to PANews, Safe has issued a statement on the X platform in response to Bybit's forensic report regarding a hacking incident. The investigation into the targeted attack on Bybit by the Lazarus Group concluded that the breach was executed through a compromised Safe{Wallet} developer machine, leading to disguised malicious transactions. Lazarus Group, a North Korean government-backed hacking organization, is known for sophisticated social engineering attacks on developer credentials, sometimes utilizing zero-day vulnerabilities. External security researchers found no vulnerabilities in Safe's smart contract or the source code of its front-end and services.
Following the incident, the Safe{Wallet} team conducted a comprehensive investigation and has gradually restored Safe{Wallet} on the Ethereum mainnet. The team has completely rebuilt and reconfigured all infrastructure and rotated all credentials to eliminate any attack vectors. A full post-mortem analysis will be released once the investigation is finalized. The Safe{Wallet} front-end remains operational with additional security measures in place. However, users are advised to exercise caution and remain vigilant when signing transactions.
