Home > Quick > Body

SlowMist: Bybit attackers exploit backdoor functions sweepETH and sweepERC20 in malicious contracts

clock
2025-02-21 17:24:17
SlowMist said on the X platform that the following are some details of the Bybit hackers:
- The malicious implementation contract was deployed at 7:15:23 UTC 2025-02-19: 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516;
2025-02-21 14:13:35 UTC, the attacker used three owners to sign a transaction to replace the Safe implementation contract with a malicious one: 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882;
- malicious upgrade logic is embedded in STORAGE [0x0] via DELEGATECALL: 0x96221423681A6d52E184D440a8eFCEbB105C7242;
The attackers used the backdoor functions sweepETH and sweepERC20 in the malicious contract to empty the hot wallet.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.