PANews reported on March 6 that the multi-signature wallet Safe{Wallet} announced that its joint security investigation with Mandiant (now part of Google Cloud) has made key progress and confirmed that the February 21 attack was carried out by the North Korean hacker group TraderTraitor (UNC4899), which has previously launched attacks on the crypto industry many times. The hackers gained critical access by hacking into the computers of Safe{Wallet} developers and hijacking AWS session tokens to bypass multi-factor authentication (MFA).
Safe{Wallet} stressed that despite the impact of the attack, the smart contract was not damaged, the system has been fully reset, and more stringent security measures have been implemented, including:
• Infrastructure reset : Regenerate all credentials, reset the cluster, update keys and secrets, and redeploy container images.
• External access restrictions : Temporarily block external access to trading services, allow only internal communication, and strengthen firewall rules.
• Malicious transaction detection upgrade : Cooperate with Blockaid to strengthen transaction monitoring and add risk markers for Safe account master control upgrades.
• Real-time monitoring enhancements : Improve logging and threat detection capabilities to enable faster response to security incidents.
• Pending transaction cleanup : Clear all pending transactions in the database to prevent potential security risks.
• Optimize UI and security verification tools : Introduce Safe Utils as a third-party transaction verification tool, and plan to provide a Safe{Wallet} version that is completely hosted on IPFS.
Safe{Wallet} calls on the Web3 ecosystem to jointly respond to increasingly complex security threats and strengthen the optimization of transaction verification tools to improve user security. The official has released a detailed transaction verification guide and plans to further optimize the user experience to reduce potential risks.
