VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
Safe Multisig wallet Phishing Exploit
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
▰ PROOF OF CONCEPT
DEFIHACKLABS
src/test/2025-02/Bybit_exp.sol
view forked test on github ↗Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Forensic narrative
Classification: Protocol Logic. Technique: Safe Multisig wallet Phishing Exploit. Target type: CEX. Affected chains: Ethereum. Implementation language: Solidity. Funds returned: $1,400,000,000.
Sourced from
DefiLlama Hacks dataset · api.llama.fi/hacks
Technical record
- chain
- ethereum
- protocol
- Bybit
- bug_class
- phishing
- date_occurred
- 2025-02-21
- loss_usd
- $1,400,000,000
- classification
- Protocol Logic
- technique
- Safe Multisig wallet Phishing Exploit
- target_type
- CEX
- language
- Solidity
- source_id
- dl:2286
Related — same bug class· phishing