The reason for the Bybit theft was announced, is #safeWallet the culprit?

I have a few questions about safe's statement. ⬇️

1⃣ What was the specific reason that caused the developer's machine to be hacked? Are there any avoidable vulnerabilities and management issues? Are other developer environments also likely to be threatened?

2⃣ The statement mentioned that an external security review was conducted, but did not mention the specific report and specific audit results of the review, and whether these audit results can be accessed.

3⃣ Is it possible that Lazarus has entered @safe, and how to conduct an internal investigation.

The biggest security incident came from the security protocol itself, which is really a laughing stock.