Safe Developer Devices Targeted: Malicious Code Injects Transactions

A recent security incident has revealed that devices belonging to developers at Safe have been compromised, enabling malicious code injection into the platform’s front-end interface. This attack intercepted and altered transaction parameters, resulting in a targeted financial theft. Upon thorough investigation, it was confirmed that malicious code had been injected into the JavaScript files of the application’s front-end. Specifically, the associated address (0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516) is linked to a malicious execution contract responsible for siphoning off approximately $1.5 billion in assets from ByBit.