[Security Alert] Bybit cold wallet nearly hit by a supply chain attack, sounding the alarm for digital asset custody

According to blockchain security agencies, the crypto exchange Bybit suffered a targeted supply chain attack on February 19. Hackers tampered with a JavaScript file of the official Safe (formerly Gnosis Safe) wallet and attempted to activate malicious code when transactions were executed in Bybit's Ethereum multisig cold wallet. Attack tracing showed that a development device belonging to the Safe team was compromised, which leaked AWS cloud storage keys. The attacker hijacked the CDN service and implanted a malicious module capable of forging transaction signatures into the legitimate front-end code.

Security experts pointed out that this new type of attack has three major characteristics:

1. Precision strikes on the supply chain - choosing asset management tools that enterprise-level users rely on as the entry point

2. Transaction behavior disguise - the malicious code is triggered only in real transaction scenarios, which lets it avoid routine security detection

3. Cloud credential hijacking - using cloud service permissions to maintain the continuity of the attack

Fortunately, Bybit discovered abnormal cache files during routine security audits and froze related wallet operations in time. The Safe team has initiated a global CDN cache refresh and recommends that all institutional users immediately complete the following operations:

- Reset all API keys and access credentials

- Check transaction hashes signed after February 19

- Enable secondary verification on hardware signing devices
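
One way to run the kind of cache audit described above, as an added example rather than Bybit's or Safe's own tooling: compare every asset the CDN serves with a digest manifest pinned at release time and kept outside the CDN storage. File names, file contents and the manifest layout are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// SRI-style digest, the format browsers check in <script integrity="...">.
function sriDigest(bytes) {
  return 'sha384-' + createHash('sha384').update(bytes).digest('base64');
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// manifest: { path: sriString } pinned at release; served: { path: Buffer } from the CDN.
function auditAssets(manifest, served) {
  const findings = [];
  for (const [path, expected] of Object.entries(manifest)) {
    if (!has(served, path)) findings.push({ path, status: 'missing' });
    else if (sriDigest(served[path]) !== expected) findings.push({ path, status: 'modified' });
  }
  // Files the release never shipped are as suspicious as altered ones.
  for (const path of Object.keys(served)) {
    if (!has(manifest, path)) findings.push({ path, status: 'unlisted' });
  }
  return findings;
}

// Constructed release contents (hypothetical file names).
const release = {
  'app.js': Buffer.from('function sign(tx){ return wallet.sign(tx); }'),
  'vendor.js': Buffer.from('/* vendor bundle */'),
};

// Assumption: the manifest is built in CI and stored where CDN credentials cannot write.
const pinnedManifest = Object.fromEntries(
  Object.entries(release).map(([path, bytes]) => [path, sriDigest(bytes)])
);

// Constructed CDN snapshot: one file altered, one file that was never released.
const cdnSnapshot = {
  'app.js': Buffer.from('function sign(tx){ /* altered */ return wallet.sign(tx); }'),
  'vendor.js': release['vendor.js'],
  'chunk-extra.js': Buffer.from('/* not part of the release */'),
};

function runDemo() {
  return auditAssets(pinnedManifest, cdnSnapshot);
}

console.log(runDemo());
```

The check only helps if the manifest cannot be rewritten with the same cloud credentials that can write to the CDN storage.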

This incident once again highlights the vulnerability of institutional-level asset custody. It is recommended that exchange users regularly evaluate third-party toolchain risks and give priority to platforms with SOC 2 certification and code signature verification. For high-net-worth investors, using distributed multi-party computation (MPC) solutions together with offline signing machines can effectively prevent such supply chain attacks.