Author: BlockBeats
The next hacker-themed movie may be based on the recent $1.5 billion hack incident involving Bybit and Safe. The hacker's methods were nearly flawless, and no traces have been found so far.
After a week of extensive investigation, the latest updates have been provided by the Safe team, Bybit, and security companies. Rhythm BlockBeats summarizes the investigation results in the simplest terms, revealing the first-hand situation of the incident:
Code is fine: Safe's front-end code is open-source and has no issues at the code level; what was attacked was the security of Safe's server.
There is an "insider": Specifically, the code that was actually deployed in the production environment does not match what is shown in the open-source repository. This means that at some point, someone replaced the code or inserted malicious code during the deployment process.
Insider's identity unknown: Not all developers have the authority to deploy production environment code. Those who can perform such deep operations must have a high level of trust. This "insider" could be a long-trusted developer or a team member who has gained sufficient permissions. The attacker has hidden their tracks for a long time, and Safe has checked historical transactions but has not found any anomalies or traces of the "insider," calling on the community and users to assist in the investigation.
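The mismatch between deployed and open-source code described above is the kind of drift a release-integrity check can surface. The following is an added example, not code from Safe or from the original article: it hashes a build produced from the public source and compares it with what production serves. It assumes the build is reproducible, and the file names and contents are constructed sample data.

```python
import hashlib
from pathlib import Path

def manifest(assets):
    """Map each asset path to the SHA-256 hex digest of its bytes."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in assets.items()}

def manifest_from_dir(root):
    """Build the same manifest from a build output directory on disk."""
    root = Path(root)
    return manifest({p.relative_to(root).as_posix(): p.read_bytes()
                     for p in root.rglob("*") if p.is_file()})

def drift(reference, served):
    """Compare what production serves against the manifest built from source."""
    common = reference.keys() & served.keys()
    return {
        # Same path, different bytes: the file was changed after the build.
        "modified": sorted(p for p in common if reference[p] != served[p]),
        # Served but never produced by the source build.
        "unexpected": sorted(served.keys() - reference.keys()),
        # Produced by the source build but not served.
        "missing": sorted(reference.keys() - served.keys()),
    }

# Constructed sample data: a build from the public repository ...
BUILT_FROM_SOURCE = {
    "index.html": b"<script src='/_app.js'></script>",
    "_app.js": b"console.log('build from tagged release')",
    "chunk-1.js": b"export const VERSION = '1.0.0'",
}
# ... and the files actually served (hypothetical, for illustration only).
SERVED = {
    "index.html": b"<script src='/_app.js'></script>",
    "_app.js": b"console.log('bytes that differ from the release')",
    "extra.js": b"console.log('file not present in the repository')",
}

def check():
    return drift(manifest(BUILT_FROM_SOURCE), manifest(SERVED))

if __name__ == "__main__":
    for kind, paths in check().items():
        print(f"{kind}: {paths}")
```

Any non-empty category means the served files are not the ones the public source produces; run from a machine outside the deployment pipeline, the check does not depend on trusting whoever has deploy rights.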
In addition, Safe has not mentioned any plans to assist with compensation, only stating some follow-up upgrade plans, while reminding everyone to remain rational and not to believe those marketing their so-called "advanced multi-signature," "semi-custodial," "MPC," and other products in light of this hacking incident, as these products may actually expand the attack surface.
In fact, this is not the first theft incident involving Safe's multi-signature. The method used this time is very similar to the Radiant Capital hack incident in October last year. In that incident, the hacker also infected the devices of core developers, implanting malware that led developers to mistakenly believe they were performing legitimate operations when signing transactions, while malicious transactions were executed in the background.
Safe Can Influence a Large Portion of the Crypto Space
Why is this incident attracting so much attention? The reason is that Safe is the most popular multi-signature wallet in the Ethereum ecosystem.
When Safe launched its token last year, the top 100 addresses for the airdrop were almost entirely composed of project parties, institutions, and large holders. This means that the security of Safe can influence a large portion of the crypto space.
As shown in the image, well-known names include Metamask, PleasrDao, AAVE, 1inch, Lido, and more.
At the same time, during this cycle, traditional finance, traditional institutions, family funds, and old money have accelerated their entry into the market. However, due to the high barriers to entry in crypto, many have chosen relatively safer methods to protect their funds, such as using the multi-signature wallet Safe.
For example, the most representative case is Trump's DeFi team.
According to Safe guardians who spoke to Rhythm BlockBeats, there are two simple ways to determine whether an on-chain address is a Safe wallet address: ARKHAM displays a "MultiSig" multi-signature label for it, and the address's DeBank page shows "MultiSig:Safe" directly below the address. As seen in the image, Trump's DeFi project World Liberty Fi indeed uses a multi-signature wallet.
This means that any security vulnerability in Safe could trigger a massive chain reaction and butterfly effect.
Even Top Security Infrastructure in Crypto Can Have Issues
The Safe project is essentially a top-tier project in the Ethereum ecosystem, incubated by the Gnosis team.
Gnosis Chain, which gained fame during the last cycle, focuses on efficient and secure decentralized application development. According to DefiLlama data, as of the writing of this article, the total value locked (TVL) in Gnosis Chain is $200 million, with a peak of $350 million.
In fact, the story of the Gnosis ecosystem and incubator can be traced back to 2015.
Compared to the now well-known Polymarket, Gnosis co-founder Martin Koeppelmann began researching decentralized prediction markets much earlier. In 2015, he published thoughts on the combination of MarketMaker and OrderBook on his forum, which was one of the earliest concepts for decentralized prediction markets in the industry.
Martin Koeppelmann was also one of the earliest Ethereum developers, having joined before the DAO period. He has maintained close ties with Vitalik, who was at the Berlin office at the time.
Over the years, he has participated in many discussions within the Ethereum development community, often discussing issues related to L2, ZK, and the Ethereum roadmap with Vitalik. From Martin's comments on social media, one can see his level of integration into the community.
It is based on this technical accumulation that Gnosis has gradually developed a complete ecosystem. From Gnosis Protocol evolving into CowSwap, Martin and his team further derived products such as Gnosis Chain, Safe, and Gnosis Pay.
Has the Signal for a Bear Market Been Triggered?
The impact of this Safe security incident has indeed caused a lot of panic and pessimism in the crypto space. According to Alternative.me data, today's cryptocurrency fear index has dropped to 10, the lowest since July 2022, with the market remaining in a state of extreme fear.
This has led many community members to question whether multi-signature is just a "cover-up" decoration.
At the same time, many industry practitioners have expressed reflections and concerns about the industry: "If multi-signature wallets are not safe, then who will take this industry seriously and trust it? Has the crypto industry truly become a hacker's blood bag?"
Looking back at history, the end of each crypto bull market is often accompanied by significant security and trust crises.
For example, the early Mt. Gox incident led to a large amount of crypto assets being stolen, becoming one of the most famous hacking incidents in the history of the crypto industry; the end of the last bull market began with the trust crisis triggered by the collapse of FTX and the Terra crash, severely affecting investor confidence across the industry.
So, what will cause the end of this bull market? Pessimistically speaking, the Safe security incident could very well be one of the "signals" marking the end of this bull market.