Bybit Multisig Blind Signing Hack: A $1.5 Billion Supply Chain Compromise via Safe{Wallet} Frontend Manipulation

How North Korea's Lazarus Group exploited blind signing and a compromised web interface to execute the largest single theft in crypto history.

Attack: Bybit Multisig Blind Signing Hack | Loss: ~$1.5 billion | Type: supply chain | Chain: Ethereum


Executive Summary

On February 21, 2025, attackers affiliated with North Korea's Lazarus Group compromised the Safe{Wallet} web application to inject malicious code that altered the transaction presented to Bybit's multisig signers. The manipulated interface displayed a routine cold wallet top-up while the underlying payload was a delegatecall to an attacker-deployed contract that overwrote the Safe's implementation address, handing the attacker control of Bybit's Ethereum cold wallet. Bybit employees approved the transaction on Ledger hardware wallets that could not render the decoded multisig transaction, so they signed blind. The resulting theft of roughly $1.5 billion, predominantly in ETH and liquid staking derivatives, is the single largest crypto security incident on record, and it exposes the systemic fragility of multisig operations that depend on an opaque frontend and on hardware wallets incapable of parsing complex transaction payloads.


What Happened

The attack began well before execution day. Lazarus Group operatives targeted the infrastructure serving the Safe{Wallet} web frontend, specifically the JavaScript resources loaded when Bybit's treasury team opened the Safe multisig management interface. Safe's post-incident analysis traced the injection to a compromised Safe{Wallet} developer machine, which was used to plant malicious JavaScript in the AWS S3 bucket that served the application. The compromise was surgical: the injected code activated only when the connected Safe matched Bybit's cold wallet address, so other Safe users were unaffected. That targeting indicates prior reconnaissance, including identification of Bybit's cold wallet Safe address (public on-chain data) and of the signing workflow its treasury team used.

On February 21, Bybit's treasury team initiated what they believed was a routine transfer from the exchange's primary Ethereum cold wallet — a Safe multisig requiring multiple Ledger hardware wallet signatures. The Safe{Wallet} interface rendered the transaction as a standard ETH transfer to a known Bybit hot wallet address. Every visual element the signers reviewed on-screen appeared legitimate: correct destination address, expected amount, normal gas parameters. There was no visible anomaly in the web UI.

However, the transaction actually signed was radically different. The malicious frontend code rewrote the Safe transaction so that its operation field was delegatecall (1) rather than call (0) and its target was an attacker-deployed contract; the calldata was shaped like an ordinary ERC-20 transfer(address,uint256) call, which is what a casual decoder would report. Because delegatecall executes the target's code in the Safe proxy's own storage context, that contract overwrote the storage slot holding the proxy's implementation (singleton) address, replacing it with an attacker-controlled implementation whose functions could sweep the wallet's ETH and tokens. The critical failure point: when signers confirmed the transaction on their Ledger devices, the hardware wallet screens showed only the hashes of the EIP-712 payload or a generic contract interaction prompt, not the decoded fields. Ledger devices at the time could not parse and render Safe multisig transaction internals. The signers had no independent means of verifying that what they approved on the hardware wallet matched what the web interface displayed. They signed blind.

Once the requisite number of signatures was collected and the transaction was broadcast, the delegatecall ran and the Safe's implementation was replaced. In the transactions that followed, the attacker called the new implementation's sweep functions to move approximately $1.5 billion in ETH and liquid staking tokens (stETH, mETH, cmETH) out of Bybit's cold wallet. The funds were immediately routed through a laundering chain of dozens of intermediary wallets, cross-chain bridges, and eventually mixing protocols. Bybit detected the unauthorized drain within minutes, but the transactions were already finalized on-chain.

Bybit's CEO Ben Zhou publicly acknowledged the breach within hours, confirming that the exchange remained solvent and that customer withdrawals would be honored. Bybit secured bridge financing and emergency liquidity to cover the shortfall. The FBI formally attributed the attack to TraderTraitor, a Lazarus Group subcluster specializing in cryptocurrency theft, within days. On-chain investigators including ZachXBT and Arkham Intelligence traced fund movements in near-real-time, identifying consolidation patterns consistent with prior Lazarus operations including the Ronin Bridge and Horizon Bridge attacks.

The incident triggered an industry-wide reassessment of multisig operational security, particularly the dependency on web-based signing interfaces and the limitations of hardware wallet displays for complex transactions. Safe{Wallet} initiated a full infrastructure audit and implemented additional integrity verification mechanisms. Multiple exchanges announced reviews of their own cold storage signing workflows. The attack demonstrated that even organizations with robust key management — hardware wallets, multisig thresholds, cold storage — remain vulnerable when the verification layer between the signer and the blockchain is compromised.


Kill Chain

1. Reconnaissance & Target Identification — Lazarus operatives identified Bybit's specific Safe{Wallet} multisig address on Ethereum, the signing workflow used by the treasury team, and the infrastructure serving the Safe web frontend. Safe's post-incident analysis identified the entry point as a compromised Safe{Wallet} developer machine with access to the bucket from which the frontend was served; the Safe address itself is open-source intelligence from on-chain data.

2. Supply Chain Compromise — Frontend Injection — Attackers injected malicious JavaScript into the Safe{Wallet} web application, gated to activate only for Bybit's multisig address. The injected code intercepted transaction construction, replacing the legitimate transfer with a delegatecall (operation=1) to an attacker-deployed contract that overwrites the Safe's implementation pointer, while preserving the visual appearance of a normal transfer in the UI.

3. Blind Signing Exploitation — Bybit treasury personnel reviewed the transaction on the compromised Safe{Wallet} interface, saw expected top-up parameters, and approved the transaction on their Ledger hardware wallets. The Ledger devices displayed opaque contract interaction data (hashed or truncated) rather than decoded transaction details. Multiple signers approved without independent payload verification, meeting the multisig threshold.

4. Execution & Exfiltration — The signed transaction was broadcast to Ethereum mainnet. The delegatecall executed the attacker's contract, which replaced the Safe's implementation; the attacker then called the new implementation's sweep functions to move ~$1.5B in ETH, stETH, mETH, and cmETH to attacker-controlled addresses. Funds were immediately dispersed across dozens of wallets and routed through bridges and mixers to obfuscate the trail.


Where Users Failed Themselves

  • Bybit signers relied exclusively on the Safe{Wallet} web UI as their source of truth for transaction contents. No independent transaction decoding or verification was performed before signing.
  • Multiple signers approved the transaction on Ledger devices despite the hardware wallet being unable to display the decoded multisig payload — pure blind signing. None halted the process to demand human-readable confirmation of the delegatecall target.
  • The signing workflow lacked an out-of-band verification step: no secondary system independently decoded and displayed the raw transaction for comparison against the Safe UI. The entire verification chain was single-threaded through the compromised frontend.
  • Bybit's operational security protocols did not include integrity verification of the Safe{Wallet} frontend code (e.g., Subresource Integrity checks, reproducible build verification, or a locally hosted and audited instance of the signing interface).
  • There was no anomaly detection on the transaction type itself — a delegatecall modifying the Safe's implementation contract is categorically different from a standard ETH transfer and should have triggered automated alerts or signing policy violations.
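As an added example of the frontend integrity check the fourth bullet calls for (this is not code from the page, from Bybit or from Safe), the script below pins the Subresource Integrity digest of each audited asset and refuses to start a signing session when a served asset is missing, modified or unexpected. The bundles and the asset paths are constructed for the example:

```python
"""Pinned-build check for a self-hosted signing frontend (added example, stdlib only).
Before a signing session, hash every asset the page will load, compare against the
manifest pinned when the build was audited, and refuse to start if anything differs.
sri_value() yields the string a <script integrity="..."> attribute expects, so the
same manifest feeds Subresource Integrity tags. All assets below are constructed."""
import base64
import hashlib


def sri_value(content: bytes, algo: str = "sha384") -> str:
    """SRI form '<algo>-<base64 digest>' as used in integrity= attributes."""
    return algo + "-" + base64.b64encode(hashlib.new(algo, content).digest()).decode()


def script_tag(src: str, content: bytes) -> str:
    return '<script src="%s" integrity="%s" crossorigin="anonymous"></script>' % (
        src, sri_value(content))


def verify_build(pinned: dict, served: dict) -> dict:
    """{path: reason} for every asset that must not be loaded; an empty dict means go."""
    findings = {}
    for path, expected in pinned.items():
        if path not in served:
            findings[path] = "missing from served build"
        elif sri_value(served[path]) != expected:
            findings[path] = "digest mismatch: served bundle differs from the audited build"
    for path in served.keys() - pinned.keys():
        findings[path] = "not in pinned manifest: unexpected asset"
    return findings


# Constructed assets: an audited bundle, and the same bundle with an appended hook that
# flips the Safe operation to delegatecall only when one target address is connected.
AUDITED_BUNDLE = b"export function buildSafeTx(p) { return { ...p, operation: 0 }; }\n"
INJECTED_BUNDLE = (AUDITED_BUNDLE + b"const T = '0x" + b"44" * 20 + b"';\n"
                   + b"export const buildSafeTxHooked = p => "
                   + b"p.safe === T ? { ...p, operation: 1 } : buildSafeTx(p);\n")
VENDOR_LIB = b"export const VERSION = '1.0.0';\n"
PINNED = {"assets/app.js": sri_value(AUDITED_BUNDLE), "assets/vendor.js": sri_value(VENDOR_LIB)}


def check_good_build() -> dict:
    return verify_build(PINNED, {"assets/app.js": AUDITED_BUNDLE, "assets/vendor.js": VENDOR_LIB})


def check_tampered_build() -> dict:
    served = {"assets/app.js": INJECTED_BUNDLE, "assets/vendor.js": VENDOR_LIB,
              "assets/telemetry.js": b"fetch('https://collector.invalid/');\n"}
    return verify_build(PINNED, served)


if __name__ == "__main__":
    print("audited build:", check_good_build() or "OK, start signing session")
    for path, reason in check_tampered_build().items():
        print("REFUSE", path, "-", reason)
    print(script_tag("assets/app.js", AUDITED_BUNDLE))
```

The manifest has to be produced from a build the team audited and stored somewhere the frontend host cannot write to; a manifest fetched from the same origin as the bundle verifies nothing.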

Prevention Checklist

For individual users

  • Never approve a transaction on a hardware wallet that you cannot fully decode and verify on the device screen. If the device shows a hash or generic 'contract interaction' instead of human-readable parameters, refuse to sign.
  • Independently decode raw transaction data using a separate, air-gapped tool (e.g., offline transaction decoder, a second machine running a local instance of a trusted ABI decoder) before confirming any multisig signature.
  • Treat any signing session where the hardware wallet display does not match expected parameters as a potential compromise — abort and investigate.

For protocols & projects

  • Implement transaction simulation and independent payload verification as a mandatory step in all multisig signing workflows. Use services like Tenderly or a self-hosted simulation environment to preview exact on-chain effects before any signature is applied.
  • Deploy signing policy enforcement that restricts what the Safe can execute: whitelist only expected destinations and function selectors (e.g., ERC-20 transfer and approve) and reject any transaction with operation=1 (delegatecall) unless the target is explicitly pre-approved. Check the operation field first: a selector allowlist is meaningless under delegatecall, and the Bybit payload was shaped like a transfer call. On Safe versions that support transaction guards, enforce the same rules on-chain in a guard so a compromised frontend cannot bypass them.
  • Self-host and integrity-verify the multisig signing interface. Do not rely on third-party hosted web applications for transaction construction on wallets holding material value. Pin frontend builds and verify hashes before each signing session.
  • Require time-delayed execution for high-value transactions with mandatory review periods, allowing automated monitoring systems to flag anomalous payloads before finalization.
  • Enforce n-of-m signing across geographically and temporally separated sessions — not all signers in the same room, same session, same UI instance.

Key Takeaway

A multisig is only as secure as the signer's ability to independently verify what they are signing. If your hardware wallet cannot display the full decoded transaction and you rely on a web interface as your sole source of truth, you have a single point of compromise — and Lazarus will find it.


Sources

  • FBI Public Service Announcement — TraderTraitor attribution of Bybit theft (FBI.gov, February 2025)
  • Bybit official incident disclosure and CEO Ben Zhou public statements (Bybit.com, February 21, 2025)
  • Safe{Wallet} post-incident analysis and infrastructure audit report (Safe.global, 2025)
  • ZachXBT on-chain investigation thread tracing Lazarus fund movements (Twitter/X, February 2025)
  • Arkham Intelligence on-chain forensics dashboard — Bybit exploit fund flow (Arkham, February 2025)
  • Slowmist technical analysis of the Bybit Safe multisig exploit transaction (Slowmist.com, February 2025)
  • Ledger blind signing limitations and EIP-712 support documentation (Ledger.com)

ZeroTraceLabs — zero-trust crypto security. zerotracelabs.xyz
