you misread my post (mea culpa) - it's not important whether they stole ETH, BTC, SOL or whatnot - it's not a failure of the asset itself obviously - what I meant was that events like this will help people understand that exchanges are not only the weak centralized spots of the ecosystem but also a reason why most shitcoins have life longer than a mayfly and why so many people get burned massively
Our valued sponsor
ByBit hacked 1,4billions $ stolen ( in ETH).
- Thread starter toums
- Start date
To those saying it was not a real hack, the postmortem audit has been published
It totally checks out.
Awaiting those who are sure this is not what it looks like, to back up their claims.
I like this forum for its refreshing non-propaganda view points, but sometimes it feels people are just happy to wear tinfoil hats and spin stories
I have firsthand witnessed crypto hacks of mindblowing amounts from the inside (thankfully never to me) and can certainly tell you i know those people were left with nothing (and sometimes massive psychological trauma) after the hacks. Even when reddit and twitter were awash with conspiracy theories.
Thus would like those claiming an inside job or whatever to back up their claims and also comment on this audit, if their cybersec knowledge permits to intelligently assess it
It totally checks out.
Awaiting those who are sure this is not what it looks like, to back up their claims.
I like this forum for its refreshing non-propaganda view points, but sometimes it feels people are just happy to wear tinfoil hats and spin stories
I have firsthand witnessed crypto hacks of mindblowing amounts from the inside (thankfully never to me) and can certainly tell you i know those people were left with nothing (and sometimes massive psychological trauma) after the hacks. Even when reddit and twitter were awash with conspiracy theories.
Thus would like those claiming an inside job or whatever to back up their claims and also comment on this audit, if their cybersec knowledge permits to intelligently assess it
*putting my tin foil cap on* that story about some Safe Wallet developer whose computer was hacked means that the whole Safe Wallet ecosystem is being developed by one person, so after some evil (((North Korean))) hacker uploaded the malicious code from that developer's machine nobody has noticed that.
nobody reviewed the code, nobody saw the evil commit, they don't use any version control system or any deployment system, just a single developer with absolute control over the website.
if this is not an inside job then everybody must withdraw their money from Bybit as soon as possible.
I get the skepticism about conspiracy theories, but in this case, dismissing insider involvement seems premature. The Verichains and Sygnia reports lay out a clear, sophisticated attack, but they also leave questions unanswered.
This wasn’t some random, opportunistic exploit. The malicious JavaScript injected into Safe.Global’s AWS S3 bucket wasn’t just tampering with transactions generically; it was hardcoded to specifically target Bybit’s multisig wallet and its signers. That level of precision suggests not just extensive pre-exploitation reconnaissance, but also insider knowledge of Bybit’s cold wallet structure and internal procedures.
A few things stand out:
- How did the attackers gain privileged access? Modifying production JavaScript files on Safe.Global requires either an API key, hijacking of admin access, or social engineering of someone with access. The reports confirm that Safe.Global’s S3 bucket was compromised, but they don’t explain how that access was obtained, arguably the most crucial part of the attack chain.
- The attackers waited until a high-value contract upgrade transaction was happening before executing the attack. That’s not the kind of timing you get from an external scan alone; it suggests someone either inside or very close to the operation had advance knowledge of Bybit’s transaction schedule.
- The malicious script was uploaded shortly before the high-value transaction, reinforcing the idea that the attackers weren’t just sitting on their access; they knew exactly when to act.
- Within two minutes of the 'heist', the malicious JavaScript files on Safe.Global were reverted back. That’s an incredibly fast response, which again proves their meticulous planning.
So, yes, it was a legitimate hack, I never denied that or doubted nation-state involvement. But that doesn’t rule out an insider role, either through direct involvement or negligence.
It’s easy to say "where’s the proof of an inside job?" but the better question is: where’s the proof that this wasn’t at least partly facilitated by someone on the inside? There are too many unanswered questions, including:
Safe.Global is probably in full damage-control mode right now. I doubt we’ll get more transparency anytime soon, at least not until their PR team figures out how to spin this into the usual "this could have happened to anyone" narrative.
Until these gaps are explained, skepticism about an insider angle isn’t tinfoil-hat territory, it’s just paying attention to what hasn’t been answered yet.
This wasn’t some random, opportunistic exploit. The malicious JavaScript injected into Safe.Global’s AWS S3 bucket wasn’t just tampering with transactions generically; it was hardcoded to specifically target Bybit’s multisig wallet and its signers. That level of precision suggests not just extensive pre-exploitation reconnaissance, but also insider knowledge of Bybit’s cold wallet structure and internal procedures.
A few things stand out:
- How did the attackers gain privileged access? Modifying production JavaScript files on Safe.Global requires either an API key, hijacking of admin access, or social engineering of someone with access. The reports confirm that Safe.Global’s S3 bucket was compromised, but they don’t explain how that access was obtained, arguably the most crucial part of the attack chain.
- The attackers waited until a high-value contract upgrade transaction was happening before executing the attack. That’s not the kind of timing you get from an external scan alone; it suggests someone either inside or very close to the operation had advance knowledge of Bybit’s transaction schedule.
- The malicious script was uploaded shortly before the high-value transaction, reinforcing the idea that the attackers weren’t just sitting on their access; they knew exactly when to act.
- Within two minutes of the 'heist', the malicious JavaScript files on Safe.Global were reverted back. That’s an incredibly fast response, which again proves their meticulous planning.
So, yes, it was a legitimate hack, I never denied that or doubted nation-state involvement. But that doesn’t rule out an insider role, either through direct involvement or negligence.
It’s easy to say "where’s the proof of an inside job?" but the better question is: where’s the proof that this wasn’t at least partly facilitated by someone on the inside? There are too many unanswered questions, including:
- How Safe.Global’s S3 credentials were compromised (was it phishing? A rogue employee? A vulnerable third-party provider?)
- How the attackers knew when to strike and which wallets to target.
- Why is there no evidence of Bybit being compromised?
- Why was the malicious JavaScript not detected before the attack?
Safe.Global is probably in full damage-control mode right now. I doubt we’ll get more transparency anytime soon, at least not until their PR team figures out how to spin this into the usual "this could have happened to anyone" narrative.
Until these gaps are explained, skepticism about an insider angle isn’t tinfoil-hat territory, it’s just paying attention to what hasn’t been answered yet.
Maybe Edward Jenner finally hit the jackpot.One short question, I recently found approx. 1.4 billion USD in ETH and stETH. Unfortunately I have no SOF.
Any ideas how to cash it out with no questions asked?
It's urgent!
Joking aside.
This large amount can never be used by the thieves. There will always be queries about SOF.
And sooner or later they will make a mistake.
https://www.trmlabs.com/post/the-bybit-hack-following-north-koreas-largest-exploit
"Initially, portions of the stolen Ethereum were routed through networks such as Binance Smart Chain and Solana, but the majority has now been converted directly into Bitcoin. Despite the swift movement of assets, most of the converted Bitcoin remains largely stationary, suggesting that the hackers are preparing for large-scale liquidation or further obfuscation through over-the-counter (OTC) networks."
It is crazy how fast this amount is being moved, proves again that BTC and its alternative ecosystem are strong and viable.
"Initially, portions of the stolen Ethereum were routed through networks such as Binance Smart Chain and Solana, but the majority has now been converted directly into Bitcoin. Despite the swift movement of assets, most of the converted Bitcoin remains largely stationary, suggesting that the hackers are preparing for large-scale liquidation or further obfuscation through over-the-counter (OTC) networks."
It is crazy how fast this amount is being moved, proves again that BTC and its alternative ecosystem are strong and viable.
He doesn’t need to hack anyone, as he prints the best usd bills, undetectable as fake.
I will sort of deny what I posted as a I had an interesting discussion about this incident which led me to digging into it a bit more and I found this short video that provides an interesting angle of view on ETH and why it was/is more likely that such incidents happen on ETH network
for those interested take it as an input - I don't claim anything as I don't care about Bybit, ETH and alike - perhaps one more valid point to BTC ossification discussion
Only three addresses left with some ETH in, 10k went to 40 different addresses.
https://etherscan.io/accounts/label...id=undefined&size=25&start=0&col=2&order=desc
https://etherscan.io/accounts/label...id=undefined&size=25&start=0&col=2&order=desc
Similar threads
Latest Threads
-
Best bank account for a Cyprus Ltd which is a consulting business?
- Started by A Rebours
- Replies: 6
-
Trusted List of service providers, exclusive for Mentor Group Gold members!- Started by JohnLocke
- Replies: 3
-
-
-
Dubai Golden Visa Bank Deposit - Crypto
- Started by bwy
- Replies: 4