#Bybit released the conclusions of their investigation into how they got rekt for $1.4 billion by North Korea's #LazarusGroup. Summary:
1. (background) Bybit were dumb enough to store billions of dollars in a single wallet contract using software from a company called SafeWallet (a "Gnosis Safe")
2. A dev machine of SafeWallet (name is lol) was compromised by Lazarus and used to access SafeWallet's cloud data stores (S3)
3. Malicious JavaScript was pushed to the cloud drive and eventually distributed in a release (?).
4. The malicious JavaScript code targeted specifically the Bybit contract address to change the content of the transaction during the signing / approval process.
* Bybit reports: https://docsend.com/view/s/rmdi832mpt8u93s7#
* Full Statement from SafeWallet: https://x.com/safe/status/1894768522720350673
In a normal world Bybit could probably sue SafeWallet, but I'm sure SafeWallet barely exists as an entity.
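
A defensive check relevant to step 3, as an added example that is not part of the original post and is not SafeWallet's or Bybit's code: audit the files a storage bucket actually serves against a digest manifest recorded at build time. The file names, file contents and the assumption that the manifest is stored outside the bucket (so an attacker with bucket write access cannot also rewrite it) are constructed for illustration.

```javascript
// Added example (Node.js): detect static assets that changed after the build.
const nodeCrypto = require('node:crypto');

// Digest in the same "sha384-<base64>" form used by <script integrity="...">.
function sriDigest(body) {
  const hash = nodeCrypto.createHash('sha384').update(Buffer.from(body));
  return 'sha384-' + hash.digest('base64');
}

// Build time: record one digest per released file.
// Assumption: the result is kept (and ideally signed) outside the bucket.
function buildManifest(assets) {
  const manifest = {};
  for (const [path, body] of Object.entries(assets)) {
    manifest[path] = sriDigest(body);
  }
  return manifest;
}

// Audit time: compare what is served with what was built.
function auditDeployment(manifest, served) {
  const findings = [];
  for (const [path, expected] of Object.entries(manifest)) {
    if (!(path in served)) {
      findings.push({ path, status: 'missing' });
      continue;
    }
    const actual = sriDigest(served[path]);
    if (actual !== expected) {
      findings.push({ path, status: 'modified', expected, actual });
    }
  }
  // Files nobody built are as suspicious as files that changed.
  for (const path of Object.keys(served)) {
    if (!(path in manifest)) findings.push({ path, status: 'unexpected' });
  }
  return findings;
}

// Constructed sample: a two-file release and a bucket listing that drifted.
const release = {
  'static/app.js': 'function sign(tx) { return wallet.sign(tx); }',
  'index.html': '<script src="/static/app.js"></script>',
};
const manifest = buildManifest(release);
const servedNow = {
  'static/app.js': release['static/app.js'] + ' /* altered after build */',
  'index.html': release['index.html'],
  'static/extra.js': '/* not part of any build */',
};
console.log(auditDeployment(manifest, servedNow).map(f => `${f.status}: ${f.path}`));
```

The same digests can be emitted as `integrity` attributes on the `<script>` tags, which makes the browser refuse a modified file, provided the HTML that carries them is served from a location the attacker cannot write to.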