Wu Shuo learned that Bybit has released a report on the hacking and coin theft incident: the benign JavaScript file of the app Safe Global seems to have been replaced by malicious code on February 19, 2025 at 15:29:25 UTC, specifically targeting Bybit's Ethereum Multisig cold wallet. The attack aims to activate during the next Bybit transaction. Based on the investigation of Bybit signer machines and the discovery of cache malicious JavaScript payloads on Wayback Archive, the conclusion is that Safe Global's AWS S3 or CloudFront account/AP | keys may have been leaked or stolen. The official statement from Safe states that the attack on Bybit Safe was carried out through the compromised Safe {Wallet} developer machine, resulting in disguised malicious transactions. https://www. (wublock123.com)/index.php? m=content&c=index&a=show&catid=6&id=38592 Polygon Mudit Gupta questions why a developer has the right to change content on the Safe website from the beginning? Why haven't changes been monitored? Hasu stated that although the Safe frontend, rather than the Bybit infrastructure, was hacked, the Bybit infrastructure was not sufficient to prevent a relatively simple hacker attack in the end. There is no reason not to verify message integrity on the second isolation machine when transferring funds exceeding $1 billion.