According to Foresight News, SlowMist has reported that the devices of Safe developers were compromised, leading to the injection of malicious code into the front-end. This attack intercepted and altered transaction parameters. Upon swift verification, it was confirmed that the JavaScript files on Safe's front-end contained malicious code. The associated address (0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516) is linked to the malicious execution contract responsible for siphoning off $1.5 billion in assets from ByBit.