Major cryptocurrency exchange Bybit has released findings from its investigation into the $1.4 billion Ethereum hack that occurred on February 21, 2025. The cybersecurity firms Sygnia Labs and Verichains, which carried out the investigation for Bybit, suggest that Safe Global’s Amazon Web Services (AWS) S3 or CloudFront account may have been compromised.
According to Ben Zhou, Bybit’s CEO, the analysis of its signers’ machines and of a malicious JavaScript payload found on the Wayback Archive suggests that Safe Global’s AWS account or API key may have been leaked or compromised. This alleged compromise allowed attackers to manipulate the Safe Wallet interface and execute a malicious contract upgrade.
Sam McIngvale, an analyst at CertiK, supports the claim that multiple developer devices were compromised, which allowed the attackers to manipulate the Safe wallet front-end to display legitimate transaction data while sending malicious data to the Ledger for signing.
The breach, which targeted Bybit’s Ethereum cold wallet, occurred when attackers manipulated the Safe Wallet’s user interface (UI) during a routine contract upgrade.
As Ben Zhou explained on the Wu Blockchain Podcast, the signer just saw a masked UI displaying the correct address and the correct transaction data, but the data was altered when sent to the Ledger for signing.
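A defensive check for the failure mode described above, where the JavaScript served from the hosting account no longer matches the reviewed build. This is an added example, not code from Bybit, Safe Global or the investigators; the file names and contents are constructed, and it assumes the pinned manifest is stored outside the S3/CloudFront account it audits.

```python
import base64
import hashlib


def sri_sha384(content: bytes) -> str:
    """Return the Subresource Integrity (SRI) string for one asset."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def build_manifest(release_files: dict[str, bytes]) -> dict[str, str]:
    """Pin every asset of a reviewed build by its SRI hash."""
    return {path: sri_sha384(body) for path, body in release_files.items()}


def audit_served_assets(manifest: dict[str, str],
                        served: dict[str, bytes]) -> list[tuple[str, str]]:
    """Compare what the CDN serves with the pinned manifest."""
    findings = []
    for path, expected in sorted(manifest.items()):
        if path not in served:
            findings.append((path, "missing"))
        elif sri_sha384(served[path]) != expected:
            findings.append((path, "modified"))
    # Files the release never contained are reported as well.
    for path in sorted(set(served) - set(manifest)):
        findings.append((path, "unexpected"))
    return findings


# Constructed sample data: the reviewed build and what the CDN returns.
RELEASE = {
    "static/app.js": b"/* reviewed application bundle */\n",
    "static/vendor.js": b"/* reviewed vendor bundle */\n",
}
SERVED = {
    "static/app.js": b"/* bytes differ from the reviewed build */\n",
    "static/vendor.js": b"/* reviewed vendor bundle */\n",
    "static/extra.js": b"/* not part of the release */\n",
}


def run_demo() -> list[tuple[str, str]]:
    return audit_served_assets(build_manifest(RELEASE), SERVED)


if __name__ == "__main__":
    for path, status in run_demo():
        print(f"{status:10} {path}")
```

The check only covers what is served; the transaction data shown on the hardware signer still has to be compared against the intended transaction before signing.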
After the incident, Bybit made sure to maintain transparency with its users. A third-party audit by Hacken confirmed Bybit’s current reserves, and according to the CEO of Bybit, the exchange has fully closed the ETH gap and is back to 100% 1:1 on client assets through Merkle tree verification.