• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
I'll be writing an article about the wonderful gridplus wallet soon! Stay tuned!
By the way, if you manufacture similar equipment, you can send it to me for review. I finally have a shipping address in the USA!
• https://officercia.mirror.xyz/OJzFborIrcY66RAaQOGB81RCBzey99w_vbtSGKyHpKU
#security #privacy
Date: 2025-02-24
Bug bounty program was added to Remedy:
UFarm Digital
SlowMist published an article detailing the Bybit hack and existing questions. The core is that the Safe front end was tampered with and forged to achieve a deceptive effect. Questions include: Did the attacker obtain internal financial operation information in advance? Was Safe's front-end system hacked? Who initiated the signature request first? How secure is its device? Read more — link
Читать полностью…Good write up by Rekt: https://rekt.news/bybit-rekt/
#security #privacy
All you need to know about Freysa Act IV - create your own AI agent, and stand a chance to win a prize pool of $240K
https://x.com/jinglingcookies/status/1893316084360458453
Additionally:
• Implement a bandwidth monitor (endian, lulu or littlesnitch);
• Use: dangerzone.rocks when working with PDFs;
• For multisig use: safehashpreview.com
#opsec #security
Yet another amazing research on topic: https://x.com/dhkleung/status/1893073663391604753
#security #privacy
Bybit hacker (following the Zachxbt and Arkham - that’s Lazarus) becomes the 14th largest ETH holder, owning approximately 0.42% of total supply—more than Fidelity, Vitalik, and over twice the amount held by the Ethereum Foundation: https://x.com/officer_cia/status/1893038960412131683?s=46
#security #investigation
Which tools you should implement after this Bybit hack? Here they are: https://x.com/officer_cia/status/1893001903572951516?s=46
#security #privacy
ByBit co-founder and CEO Ben Zhou’s Livestream on the latest ETH wallet incident. - Bybit
Читать полностью…Investigation in process: https://x.com/officer_cia/status/1892964815213068750?12
Main thread (ongoing): https://x.com/officer_cia/status/1892957790546677785
#security #privacy
More information in my thread: https://x.com/officer_cia/status/1892957790546677785?s=46
#security #privacy
Important! They did announce some wallet migration/maintaince recently.
Waiting for more news/official statements.
#alert #security
Follow me via Farcaster!
• https://warpcast.com/officercia
3 free invite codes:
B5NFG95Q7
ZH8WZBPIS
NWB0112OY
Type: #multisig #delegateCall
Project: Bybit
Date: 21/01/25
Blockchain: ETH
Problem: Malicious delegate call upgraded storage of the multisig wallet.
The story of one of the biggest exploits in history. In this hack an attacker managed to get a full access to the Gnosis multisig wallet of the Bybit CEX, by receiving signatures from the signers for the malicious delegatecall
. Bybit stated that it has signed malicious data because of the UI compromise, which is the most likely scenario. I can assume that all devices of the signers were compromised to trick them. The signers has approved a seemingly routine ERC-20 transfer as it has appeared on UI, but inside this data there was a delegatecall
to the hacker's implementation, the call has a regular transfer
selector, however the recipient
is hacker address and amount
is 0
.
It's important to mention that Gnosis multisig is using upgradable pattern. When user creates a wallet - a new proxy is created, which sets it's implementation to the masterCopy
address. This address stores all of the wallet logic, and is stored in slot 0. Every time when a user calls his Gnosis multisig wallet (the proxy address), the call is always delegated to the masterCopy
address;
And the hacker, by tricking the signers, was able to take advantage of this upgradable design, with the malicious delegatecall
to his own implementation the hacker has rewritten the masterCopy
address at the storage slot 0 to his own new implementation. After the implementation is changed, the hacker can execute any code, gaining full control over the multisig wallet.
The Hacker:
1) Tricked signers to sign malicious data.
2) Executed a transaction with the signatures, delegatecall
to address controlled by attacker, overwriting slot 0, changing the implementation of the proxy to malicious one.
3) Drained all tokens from the multisig to his wallet.
Discoverer: Lazarus group
Harm: 1.46 B $
link | boost | twitter
Bybit releases blacklisted wallets API to aid recovery program
Bybit is offering a bounty of up to 10% of the stolen funds for white hat hackers who successfully recover crypto from the Lazarus Group.
https://ct.com/e1ql
Much thanks for mentioning my compilation! Check it out here: https://x.com/officer_cia/status/1893001903572951516?s=46
#security #opsec
Bybit offers 10% bounty to anyone who assists in recovering funds from $1.4 billion hack — link | tl;dr
Читать полностью…Stolen money flow: https://x.com/officer_cia/status/1893289356049211886?12
#security #investigation
How GerboxFi secures their multisig: https://x.com/0xmikko_eth/status/1893078876256899426?1
#security #opsec #privacy
North Korea is likely behind the $1.5bn Bybit hack, researchers say
Читать полностью…Safe is working to bring Safe{Wallet} back up, as we still don’t see any indication of compromise. But we want to be 100% sure and do some additional checks together with external security experts before we do so. Without any indication of how the hack happened it’s not prudent to have the UI up.
For now best to use the CLI (if possible) to interact with Safes as this does not depend on any services and can be run locally: https://docs.safe.global/advanced/cli-overview
ByBit CEO confirmed:
- All user funds are safe;
- ByBit Treasury has enough funds to cover full loss;
- They are taking a bridge loan from partners to cover eth for now, already have 80% commitment;
- Withdrawals remain active.
Hey fam, please like so they will notice!
• https://x.com/officer_cia/status/1892986319753593105
Me and @rata0x can help in investigation and recovering stolen assets.
#security #investigation
Bybit CEO Said "Bybit Hot wallet, Warm wallet and all other cold wallets are fine. The only cold wallet that was hacked was $ETH cold wallet. ALL withdraws are NORMAL."
#alert
More information: https://app.blocksec.com/explorer/tx/eth/0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882?line=2
Follow my thread: https://x.com/officer_cia/status/1892957790546677785
#investigation
My sources confirm it's a security incident
Читать полностью…Rumours: «Seems that Bybit CEX hot wallet just got hacked.
Though, it's a multi-sign $1.5B worth of ETH was withdrawn to the new address and is currently being sold.»
More information: https://x.com/officer_cia/status/1892957601224151331?s=46
#security #alert
Official statement by zkLend team:
We are offering a $500,000 bounty for any verifiable information that leads to the arrest of the hacker and the recovery of all stolen funds.
If you believe you have information on the hacker’s identity, please provide evidence and contact us at info@zklend.com