Cosine: Bybit attacker uses three owners to sign a transaction that replaces the Safe implementation contract with a malicious contract

PA一线｜2025-02-21 16:49

PANews reported on February 22 that SlowMist Cosine disclosed some details of the Bybit Safe multi-signature hack on the X platform: The malicious implementation contract was deployed at 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516 at UTC 2025-02-19 7:15:23

The attacker used three owners to sign the transaction 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882 to replace the Safe implementation contract with the malicious contract at UTC 2025-02-21 14:13:35

Malicious upgrade logic is embedded into STORAGE[0x0] 0x96221423681A6d52E184D440a8eFCEbB105C7242 via DELEGATECALL

The attacker then used the backdoor functions sweepETH and sweepERC20 in the malicious contract to withdraw assets from the hot wallet.

Original Link

Author ：PA一线
This article reflects the opinions of PANews's columnist and does not represent the stance of PANews. PANews does not assume legal responsibility. The article and opinions do not constitute investment advice.
Image Source ： PA一线 If there is any infringement, please contact the author to remove it.