- Former Binance CEO Changpeng Zhao has criticized a recent forensic report on the $1.5 billion Bybit security breach
- Zhao questioned how hackers infiltrated Bybit’s systems and the role of wallet provider Safe in the incident
- The Binance founder called the report “not that great” and said it left him with “more questions” than answers
In the wake of the record-breaking $1.5 billion security breach at Bybit, Binance founder Changpeng Zhao has expressed concerns over the clarity of Safe’s forensic report on the incident. Safe published its report yesterday, but Zhao has questioned the methods used by hackers to infiltrate Bybit’s systems and the effectiveness of Safe’s security measures. Like others, Zhao was left with “more questions” over the hack following report, which he called “not that great.”
Safe is Far From That
Safe, maker of the Safe Wallet, is in charge of Bybit’s cold storage, and following last weekend’s hack, the crypto world naturally wanted to know what had happened. Safe released a forensic report detailing the breach, which it summarized in an X article which it barely discussed the hack, focusing instead on how its other products remained unaffected, revealing only a tiny detail regarding the method of entry:
The forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeted to the Bybit Safe was achieved through a compromised machine of a Safe{Wallet} developer resulting in the proposal of a disguised malicious transaction.
Zhao, for one, was not impressed, stating in his own X post that the report lacked specificity and criticized its vague language:
I usually try not to criticize other industry players, but I still do it once in a while. 😂
This update from Safe is not that great. It uses vague language to brush over the issues. I have more questions than answers after reading it.
Zhao went on to raise several pertinent questions:
- How did the attackers gain control of a Safe Wallet developer’s machine?
- What allowed a developer system to interact with Bybit’s accounts?
- Did the attackers exploit blind signing or bypass Ledger’s security processes?
- Why was an address managing $1.4 billion specifically targeted?
These questions underscore Zhao’s concerns about potential vulnerabilities in Safe’s security infrastructure and the need for a more transparent and detailed explanation of the breach.
Zhao Offers Support
In response to the incident, Zhao suggested that Bybit consider halting all withdrawals temporarily as a standard security precaution to prevent further potential losses:
Not an easy situation to deal with. Might suggest to halt all withdrawals for a bit as a standard security precaution. Will provide any assistance if needed. Good luck.
Bybit’s CEO, Ben Zhou, has reassured users that the exchange remains solvent and that all client assets are backed 1:1. He emphasized that even if the lost funds are not recovered, Bybit can cover the losses, highlighting the company’s robust financial standing.
