SlowMist said on the X platform that the following are some details of the Bybit hackers:
- The malicious implementation contract was deployed at 7:15:23 UTC 2025-02-19: 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516;
2025-02-21 14:13:35 UTC, the attacker used three owners to sign a transaction to replace the Safe implementation contract with a malicious one: 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882;
- malicious upgrade logic is embedded in STORAGE [0x0] via DELEGATECALL: 0x96221423681A6d52E184D440a8eFCEbB105C7242;
The attackers used the backdoor functions sweepETH and sweepERC20 in the malicious contract to empty the hot wallet.
SlowMist: Bybit attackers exploit backdoor functions sweepETH and sweepERC20 in malicious contracts
2025-02-21 17:24:17
SlowMist platform representation following bybit hacker some crimedesk3cryptocurrencydesktopCrypto News
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
慢雾:Bybit攻击者利用了恶意合约中的后门函数sweepETH与sweepERC20Next article:
Defillama创始人:Bybit黑客事件后用户提现净流出金额已达7亿美元