Major cryptocurrency exchange Bybit has released findings from its investigation into the $1.4 billion Ethereum hack that occurred on February 21, 2025. Sygnia Labs and Verichains, the cybersecurity firms that carried out the investigation for Bybit, suggest that Safe Global’s Amazon Web Services (AWS) S3 or CloudFront account may have been compromised.
According to Ben Zhou, Bybit’s CEO, the analysis of its signers’ machines and of a malicious JavaScript payload found on the Wayback Archive suggests that Safe Global’s AWS account or API key may have been leaked or compromised. This alleged compromise allowed attackers to manipulate the Safe Wallet interface and execute a malicious contract upgrade.
Sam McIngvale, an analyst at CertiK, supports the claim that multiple developer devices were compromised, which allowed the attackers to manipulate the Safe wallet front-end so that it displayed legitimate transaction data while sending malicious data to the Ledger for signing.
The breach, which targeted Bybit’s Ethereum cold wallet, occurred when attackers manipulated the Safe Wallet’s user interface (UI) during a routine contract upgrade.
As Ben Zhou explained on the Wu Blockchain Podcast, the signer just saw a masked UI displaying the correct address and the correct transaction data, but the data was altered when it was sent to the Ledger for signing.
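The mismatch described above, between what the signer reviewed and what reached the signing device, can be checked field by field. The following is an added example, not code from Bybit, Safe, or the investigators; it assumes the check runs outside the wallet web app, and the field names and sample values are constructed for illustration.

```javascript
// Added example. Field names are a subset of the Safe transaction layout (assumption;
// the article names no fields). All addresses and values below are constructed.
const FIELDS = ["to", "value", "data", "operation", "nonce"];
const HEX_FIELDS = ["to", "data"];

// Normalize so cosmetic differences (hex case, "0x0" vs 0) do not raise false alarms.
function normalize(field, v) {
  if (v === undefined || v === null) return "<missing>";
  if (HEX_FIELDS.includes(field)) return String(v).toLowerCase();
  try {
    return BigInt(v).toString();
  } catch (e) {
    return "<invalid:" + String(v) + ">";
  }
}

// Compare what the signer reviewed on screen with the payload headed for the
// signing device; return every field that differs.
function diffSigningPayload(displayed, outgoing) {
  const findings = [];
  for (const field of FIELDS) {
    const shown = normalize(field, displayed[field]);
    const sent = normalize(field, outgoing[field]);
    if (shown !== sent) findings.push({ field, shown, sent });
  }
  // A field the reviewer never saw is a mismatch too.
  for (const field of Object.keys(outgoing)) {
    if (!FIELDS.includes(field)) {
      findings.push({ field, shown: "<not displayed>", sent: String(outgoing[field]) });
    }
  }
  return findings;
}

// Constructed sample data: one faithful payload, one altered in transit.
const displayed = { to: "0x" + "Ab".repeat(20), value: "0", data: "0x", operation: 0, nonce: 71 };
const sameOnWire = { to: "0x" + "ab".repeat(20), value: "0x0", data: "0x", operation: "0", nonce: "71" };
const alteredOnWire = { ...sameOnWire, to: "0x" + "cd".repeat(20), data: "0x12345678" };

console.log(diffSigningPayload(displayed, sameOnWire));    // no findings
console.log(diffSigningPayload(displayed, alteredOnWire)); // findings for "to" and "data"
```

Any non-empty result means the payload should not be forwarded to the signing device until the difference is explained.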
After the incident, Bybit took steps to maintain transparency with its users. A third-party audit by Hacken confirmed Bybit’s current reserves, and according to Bybit’s CEO, the exchange has fully closed the ETH gap and is back to 100% 1:1 on client assets through Merkle tree verification.