The Midcurve Guide to the Bybit/Safe Exploit
Explain Again Ep 2
If you sign Safe transactions and your level of paranoia shot up after the $1.5bn @Bybit_Official hack, Episode 2 of @explainagain is for you.
I present a visuals-heavy episode to explain how it happened, and demo tools that you can use to stay safe. 🖼️
🧩 Part 1: The Web2 Attack Path
We go deep with a security expert to trace how attackers got in through social engineering and security fatigue. Yes, even motivated and well-resourced teams can slip.
🔗 Part 2: The Web3 Attack Path
A protocol architect explains @safe’s proxy architecture and how it was exploited. We map the full lifecycle of a Safe multisig transaction, pointing out where attackers can find an edge in.
🔐 Part 3: Trusting the Hardware
Why do we trust hardware so much today? Should we?
We discuss secure elements, secure boot, and root of trust. Speaking with a hardware engineer, we break down the trust model behind Ledger, Trezor, and Keystone.
🛠️ Part 4: Tool Demos (coming soon)
We demo tools to ensure your Safe transactions are exactly what you intend.
Featuring @OpenZeppelin’s fork of Pascal’s hash checker @pcaversaccio, @TenderlyApp to simulate transactions, Foundry’s cast tool to generate calldata, and a transaction decoder by @rimeissner. Our stack: @Rabby_io + @KeystoneWallet, @MetaMask + @Ledger.
However - so many tools, so much confusion!! I painstakingly created a spreadsheet to organize the chaos, which you can use as a template. Part 4 to be released in a few days.
LINKS
🎧 Episode playlist:
🎁 Episode resources: https://github.com/ml-sudocode/explainagain/blob/main/episode-002/resources.md
✅Tx checker spreadsheet