Vitor Pamplona on Nostr: The wallet that assembled the transaction is a web wallet. Months ago, the web ...
The wallet that assembled the transaction is a web wallet. Months ago, the web wallet's host, Amazon S3, was breached and a single JavaScript file was slightly modified from the original source code, which is available for everybody to see. The modification changes the recipient ONLY when ByBit's cold wallet is being used.
ByBit then took the assembled version with the malicious code and signed with all their multisig cold signers without verifying that the receiving address has been changed to the attacker.
Published at
2025-02-26 16:33:56Event JSON
{
"id": "d332b31e7a08e41a2870badb0a8a45a0031c2aa009d12dab1512657cc1dfecdc",
"pubkey": "460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c",
"created_at": 1740587636,
"kind": 1,
"tags": [
[
"alt",
"A short note: The wallet that assembled the transaction is a web..."
],
[
"e",
"e0d615bc9ef6f86be37c074edcc2bd36abdb220462818fe7808bf7c421ba5c9b",
"ws://192.168.18.7:7777",
"root"
],
[
"e",
"92fbe4d7c5e316ea028e83e28c8c870cf21a451d3aaf5a9a40be67c8768467e7",
"wss://nos.lol/",
"reply",
"52d1e85c613f7c259e9fd7c66538e8241f0f36d6ee43cdf8302ea3afc3bcd19c"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c",
"wss://vitor.nostr1.com/"
],
[
"p",
"52d1e85c613f7c259e9fd7c66538e8241f0f36d6ee43cdf8302ea3afc3bcd19c",
"wss://nos.lol"
]
],
"content": "The wallet that assembled the transaction is a web wallet. Months ago, the web wallet's host, Amazon S3, was breached and a single JavaScript file was slightly modified from the original source code, which is available for everybody to see. The modification changes the recipient ONLY when ByBit's cold wallet is being used.\n\nByBit then took the assembled version with the malicious code and signed with all their multisig cold signers without verifying that the receiving address has been changed to the attacker.",
"sig": "d307256ef6d020fccfeae073496d8d7ce8887a838938f3b844428319367ce6ee0617cd7ef83b735f13df521e09cca8e546d4633d008233dd6ad56910c1d85126"
}
