[SNIPER02]

was it you anon?

[CasperBeast]

Shit https://www.pro-gadgets.live/blog/breaki...ion-in-eth

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you feel this is incorrect.

[nov13]

JACKPOT JACKPOT $$$$$$$$$$$

[fsdkflj2398]

this is goooooooooooooooooooooooooooooooooooooooooood

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Self-Ban | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you wish to be unbanned in the future.

[killaTheGoat]

I'm going to buy lambo and island

[StAmp3r]

This is legit mental

[dots]

Shit https://www.pro-gadgets.live/blog/breaki...ion-in-eth

Thats fucking crazy

---

I'm going to buy lambo and island

Hagagah thats fucking awesome. You need to show it. I'm really into cars

---

was it you anon?

Dose anyone know how they did it

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Selling in buyer's place | Drainers are not permitted

[302]

That is fucking mental, god damn! Wonder how I didn't hear about this.

[AOXA]

nah that was crazy

[justatech]

I read the FBI complaint on Park Jin Hyok and combined with this last heist... am I the only one admiring Park's work? Hopefully not...

---

Shit https://www.pro-gadgets.live/blog/breaki...ion-in-eth

Thats fucking crazy

---

I'm going to buy lambo and island

Hagagah thats fucking awesome. You need to show it. I'm really into cars

---

was it you anon?

Dose anyone know how they did it

based on https://www.certik.com/resources/blog/3w...l-analysis

that's how they did it:

Bybit $1.46 Billion Crypto Heist: Technical Analysis and Security Implications

On February 21, 2025, at 02:16:11 PM UTC, Bybit's cold Ethereum wallet (0x1db92e2eebc8e0c075a02bea49a2935bcd2dfcf4) was compromised, resulting in the loss of approximately $1.46 billion. The breach was executed through a sophisticated phishing attack that led to a malicious contract upgrade.

Incident Summary

The attacker conducted phishing attacks targeting the cold wallet signers, deceiving them into signing malicious transactions. This manipulation replaced the Safe's multi-signature wallet implementation with a malicious contract, enabling the unauthorized transfer of funds. Notably, the transaction appeared legitimate on the Safe{Wallet} UI, while the malicious data was transmitted to the Ledger hardware wallets.

Exploit Transactions

Key transactions involved in the exploit include:

- Upgrade of Safe wallet implementation to malicious contract
- Unauthorized transfer of 401,346 ETH
- Unauthorized transfer of 90,375 stETH

Attack Flow

1. **Deployment of Malicious Contracts**: Three days prior to the attack, on February 18, 2025, the attacker deployed two malicious contracts designed to:
  - Include backdoor functions for fund transfers (Contract Address)
  - Modify storage slots to facilitate a contract upgrade (Contract Address)

2. **Phishing and Authorization**: The attacker tricked three multisig wallet signers into authorizing a transaction that upgraded the Safe's implementation contract to the malicious version.

3. **Execution of Delegate Call**: The transaction executed a delegate call to the attacker's contract, modifying the storage slot that defines the implementation contract address, effectively redirecting it to the malicious contract.

4. **Fund Drainage**: Utilizing backdoor functions within the malicious contract, the attacker drained the wallet's funds.

Vulnerability Analysis

The breach stemmed from a phishing attack that compromised wallet signers, leading to the unauthorized contract upgrade. The attacker masked the malicious transaction, making it appear legitimate in the Safe{Wallet} UI, while altering the data sent to the Ledger devices. This highlights the critical need for:

- **Device Security**: Implementing strict endpoint security policies and using dedicated devices for transaction signing.
- **Vigilant Transaction Verification**: Ensuring signers meticulously verify transaction details on hardware wallets before approval.

Mitigation Strategies

To prevent similar incidents, organizations should consider:

- **Enhanced Device Security**: Employing endpoint detection and response solutions and using dedicated, possibly air-gapped, devices for critical operations.
- **Phishing Awareness and Training**: Conducting regular phishing simulations and red team exercises to bolster resilience against social engineering attacks.
- **Comprehensive Transaction Verification**: Encouraging the use of non-visual interfaces, such as command-line tools, and ensuring thorough verification of transaction details on hardware devices.

This incident underscores the escalating sophistication of cyber attacks within the cryptocurrency sector and the imperative for robust security measures to safeguard digital assets.

[Source: CertiK - Bybit Incident Technical Analysis]