Safe, a major player in the world of cryptocurrency security, recently experienced a high-profile hack orchestrated by the notorious Lazarus group. The hackers managed to infiltrate Safe’s production environment through AWS, inject a malicious script, and manipulate the transaction signing process.
Record Hack by Lazarus Group: Safe in the Spotlight
Investigations conducted by cybersecurity firms Sygnia and Verichains have revealed that the attack leading to the theft of $1.4 billion in ETH on Bybit stemmed from the compromised access of a Safe developer. The North Korean hacking group Lazarus, known for its sophisticated cyber attacks, was behind this targeted operation.
The attack did not exploit any vulnerabilities in Safe’s smart contracts; instead, it targeted a development machine. This allowed the attackers to gain access to Safe’s infrastructure, manipulate the signature process, and validate fraudulent transactions without the knowledge of the signatories.
According to Mudit Gupta, Chief Information Security Officer (CISO) of Polygon Labs, this incident exposes critical shortcomings in access management and monitoring of changes within Safe Wallet. Gupta questions why a single developer had the ability to modify Safe’s production site and why no monitoring mechanisms detected these changes.
The investigation revealed that the hackers exploited this access to infiltrate the production environment through Amazon Web Services (AWS) and modify the content of an S3 bucket. They injected a malicious JavaScript script that altered the transactions presented for signature on the Safe Wallet interface, specifically targeting Bybit funds.
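As an added illustration of the kind of change monitoring Gupta refers to (this is not code from Safe, Sygnia or Verichains), the following sketch compares the files currently served from a static hosting bucket against a manifest of digests recorded at release time. The file names and contents are constructed, and the in-memory dictionaries stand in for the release artifacts and the bucket objects.

```python
import base64
import hashlib


def sri_digest(content: bytes) -> str:
    """Return the Subresource Integrity (sha384) string for an asset."""
    raw = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(raw).decode()


def build_manifest(release_assets: dict[str, bytes]) -> dict[str, str]:
    """Record the expected digest of every file at release time.

    Assumption: the manifest is stored (and ideally signed) outside the
    hosting account, so credentials that can write to the bucket cannot
    also rewrite the manifest.
    """
    return {path: sri_digest(body) for path, body in release_assets.items()}


def audit_served_assets(manifest: dict[str, str],
                        served: dict[str, bytes]) -> list[tuple[str, str]]:
    """Return (path, finding) pairs for every deviation from the manifest."""
    findings = []
    for path, expected in sorted(manifest.items()):
        body = served.get(path)
        if body is None:
            findings.append((path, "missing"))
        elif sri_digest(body) != expected:
            findings.append((path, "modified"))
    # Files nobody released are as suspicious as files that changed.
    for path in sorted(set(served) - set(manifest)):
        findings.append((path, "unexpected"))
    return findings


# Constructed sample data: hypothetical paths and placeholder contents.
RELEASE = {
    "index.html": b"<script src='static/js/app.js'></script>",
    "static/js/app.js": b"console.log('released build');",
    "static/js/vendor.js": b"/* third-party bundle */",
}
SERVED = dict(RELEASE)
SERVED["static/js/app.js"] += b"/* constructed: bytes added after release */"
SERVED["static/js/extra.js"] = b"/* constructed: file not in the release */"

if __name__ == "__main__":
    for path, finding in audit_served_assets(build_manifest(RELEASE), SERVED):
        print(f"ALERT {finding:<10} {path}")
```

Run on a schedule and on every bucket write event, a check like this turns an out-of-band modification of a served script into an alert rather than a silent change.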
Safe Wallet Reacts and Strengthens Security
In response to this attack, Safe Wallet has taken drastic measures to prevent any future incidents. The team has completely rebuilt its infrastructure, reset all access, and implemented additional protection mechanisms. A gradual deployment of Safe on the Ethereum mainnet has been carried out, ensuring the complete elimination of the vulnerability.
In a statement, the Safe Wallet team reaffirmed their commitment to improving transaction verifiability and strengthening the security of their ecosystem. However, they urge users to exercise increased vigilance when signing transactions, emphasizing the importance of individual audits in the face of increasingly sophisticated threats.
A Wake-Up Call for the Crypto Industry
This attack highlights a larger issue: the security of access within web3 infrastructures. Unlike traditional exploits targeting smart contract vulnerabilities, this incident demonstrates that hackers do not need to bypass on-chain code to inflict massive losses. A simple compromise of credentials can be enough to bypass even the most robust protection mechanisms.
While Safe was once considered a robust solution against attacks, this latest hack tarnishes the reputation of this on-chain security giant. Billions of dollars in crypto assets are currently secured using Safe solutions.