An independent audit confirmed that North Korea's Lazarus Group infiltrated Safe's infrastructure to compromise Bybit's Ethereum wallet.
A forensic analysis conducted by Sygnia Labs and Verichains found that Bybit's security integrity remained intact on 21 February despite the attack on its Ethereum (ETH) cold wallet.
The Dubai-based crypto exchange reported the theft of over 400,000 Ethereum from its Safe-based multi-signature wallet last week. Initial speculation suggested that a Bybit signer had been compromised by Lazarus. However, the post-mortem audit traced the root cause to a Safe developer machine.
“He swaps Gnosis Safe UI with JS code, which only targets the cold wallet of Bybit,” Haseeb Qureshi, Managing Partner at Dragonfly, explained.
This means that Lazarus successfully compromised a Safe developer with access to specific front-end credentials, allowing the bad actors to disguise malicious transactions.
Safe accepted the conclusions, confirming both that Bybit's security remained intact and the vector of the attack. The protocol also said that its internal investigation did not find any weaknesses in its smart contracts or source code.
After the recent incident, the Safe{Wallet} team conducted a thorough investigation and has now restored Safe{Wallet} on the Ethereum mainnet with a phased rollout. The Safe team has fully rebuilt and reconfigured all infrastructure and rotated all credentials, making sure that the attack vector is completely eliminated.
Safe post-mortem
Gnosis co-founder Martin Koeppelmann, whose team is behind Safe, thanked Bybit CEO Ben Zhou for his leadership during the crisis. Koeppelmann emphasized the need for additional security layers and reduced dependence on Web2 technology to prevent similar events in the future.