CZ Criticizes Bybit Audit Report and Safe Wallet’s Response to Lazarus Group Attack

Binance founder Changpeng Zhao (CZ) has just publicly criticized the audit report related to the Bybit hack. The hack was allegedly orchestrated by the notorious Lazarus Group. The audit concluded that the breach stemmed from Safe{Wallet}’s compromised developer machine rather than Bybit’s systems. However, CZ found the explanation unsatisfactory, raising pointed questions that the audit failed to answer.

This incident has sent shockwaves through the crypto community, sparking concerns about security practices among wallet providers and exchanges. The case also underscores the growing threat of sophisticated state-sponsored hacking groups like Lazarus, known for exploiting weaknesses in the crypto ecosystem.

Safe Wallet’s Official Statement on the Bybit Audit Report

Safe{Wallet} released an official statement addressing the hack that led to a staggering $1.4 billion loss from an account operated by Bybit. According to Safe, forensic investigations concluded that the Lazarus Group executed a targeted attack by compromising a Safe{Wallet} developer machine. This compromise allowed the hackers to propose a disguised malicious transaction that ultimately affected Bybit’s account.

Key highlights from Safe{Wallet}’s statement include:

  • No Vulnerability in Smart Contracts: The forensic review found no issues in Safe’s smart contracts, frontend source code, or services. The attack vector was specifically linked to the compromised developer machine.
  • Lazarus Group’s Involvement: The Lazarus Group, a North Korean state-sponsored hacking collective, is infamous for its advanced social engineering tactics and occasional use of zero-day exploits. Their ability to breach the developer machine suggests the use of highly sophisticated methods.
  • Mitigation Steps Taken: Safe{Wallet} claims it has:
    • Fully rebuilt and reconfigured its infrastructure.
    • Rotated all credentials.
    • Rolled out additional security measures on the Ethereum mainnet.
    • Initiated an industry-wide initiative aimed at enhancing transaction verifiability.
  • Ongoing Investigation: While a complete post-mortem is pending, Safe urges users to remain vigilant, especially when signing transactions.

CZ Criticizes Bybit Audit Report: Raises Crucial Questions

CZ’s response to the audit report has added another layer of scrutiny. Although he rarely comments on competitors, CZ took to social media to express his dissatisfaction, stating:

[Embedded tweet by CZ]

CZ’s main criticisms and questions include:

  1. Nature of the Compromise:
    • What exactly does “compromising a Safe{Wallet} developer machine” mean?
      CZ questions whether the breach involved social engineering, malware, or some other tactic. Understanding this is crucial, as it would help other wallet providers avoid similar vulnerabilities.
  2. Access to Bybit Accounts:
    • How did a developer’s machine gain access to an account operated by Bybit?
      CZ raises concerns about whether malicious code was deployed directly from a developer’s environment to production, highlighting potential flaws in deployment security protocols.
  3. Ledger Verification Process:
    • How did the attackers bypass multiple Ledger verification steps?
      CZ probes whether the issue stemmed from blind signing or a failure of the signers to properly verify transactions.
  4. Target Selection:
    • Was $1.4 billion the largest target available? Why didn’t the attackers target others?
      This question hints at the possibility of deeper vulnerabilities and whether this attack was part of a broader strategy.
  5. Lessons for the Industry:
    • What can other self-custody, multi-sig wallet providers learn from this breach?
      CZ calls for actionable insights that can bolster industry-wide security standards.

Bybit Hack and Audit Report: What Can the Industry Learn?

1. Developer Machine Security

The attack highlights the critical role developer environments play in security. Even with robust smart contracts, a single compromised machine can jeopardize billions. Developers must implement strict access controls and continuously monitor their systems for potential breaches.

2. Ledger Verification Best Practices

CZ’s questions about Ledger verification point to the need for stricter transaction validation protocols. Multi-sig wallets are trusted for their layered security, but human error during the signing process remains a weak link.

3. The Lazarus Threat

The Lazarus Group’s involvement is a stark reminder that state-sponsored cyberattacks are a significant threat to the crypto industry. These groups possess the resources and expertise to conduct complex, multi-stage attacks, making robust cybersecurity measures non-negotiable.

4. Transparency in Post-Mortems

CZ’s criticism also underscores the need for greater transparency in post-incident reports. Users and industry players rely on these reports to understand risks and implement necessary safeguards.

Industry-Wide Security Needs a Rethink

The recent Bybit hack and CZ’s criticism of the audit report should serve as a wake-up call. While Safe{Wallet} claims its smart contracts were unaffected, the attack’s success due to a compromised developer machine reveals a critical gap in security practices. CZ’s pointed questions reflect the broader concerns of the crypto community regarding transparency, accountability, and robust security protocols.

As Safe{Wallet} pledges to spearhead initiatives aimed at improving transaction verifiability, the industry must collaborate to enhance overall resilience. Security in the crypto ecosystem is only as strong as its weakest link, and in this case, the link was alarmingly fragile.
