While multi-sig wallets provide a level of security, they are not without their risks. High-profile breaches have occurred from compromised multi-sig wallets, where the private keys were stored improperly. It is essential to distribute multi-sig private key access among distinct entities.
A multi-sig setup where a single entity holds multiple private keys and stores them in a single location is essentially the same as a single-key wallet. The recommended approach is to distribute access among entities so that a single security breach does not lead to the loss of two or more keys.
Malicious JavaScript injected into Safe hosted on AWS
According to Check Point, this attack is especially troubling because it did not rely on a conventional vulnerability, such as a flaw in the blockchain system or a smart contract. Rather, security researchers have determined that hackers injected malicious JavaScript directly into Safe’s online infrastructure hosted on AWS. The code was specifically designed to activate only when interacting with Bybit’s contract address, allowing it to remain undetected by regular users.
Safe is governed by SafeDAO, a decentralized collective of core contributors, backers, GnosisDAO, users, and ecosystem contributors, that is Safe { Guardians }. Safe Multisig is a customisable crypto wallet running on Ethereum that requires a predefined number of signatures to confirm transactions to prevent unauthorized access to the assets stored.
We cannot afford to rely solely on conventional cryptographic models as attacks become increasingly complex.
According to Hacker News, such attacks do not exploit any vulnerability in AWS. Rather, the threat actors take advantage of misconfigurations in victims’ environments that expose their AWS access keys in order to send phishing messages by abusing Amazon Simple Email Service and WorkMail services.
In doing so, the modus operandi offers the benefit of not having to host or pay for their own infrastructure to carry out the malicious activity. It enables the threat actor’s phishing messages to sidestep email protections since the digital missives originate from a known entity from which the target organization has previously received emails.
According to Check Point, the JavaScript manipulation modified transaction data behind the scenes:
• When Bybit signers accessed the interface, the code identified target addresses
• It silently modified critical transaction parameters including recipient address and operation type
• It preserved the appearance of legitimacy by displaying the original transaction details to signers
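As an added illustration (not code from Check Point, Safe or Bybit), the sketch below shows a check a signer could run on a separate machine: compare the transaction they intended with the payload actually presented for signature, field by field, instead of trusting what the web interface displays. The function names and sample values are hypothetical and constructed; the operation values 0 (call) and 1 (delegatecall) follow the Safe contract's operation enum.

```javascript
// Added example: detect a signing payload that differs from what the signer intended.
const OPERATION = { 0: "CALL", 1: "DELEGATECALL" }; // Safe's operation enum values

// Addresses and calldata are compared case-insensitively and without the 0x prefix.
const normHex = (h) => String(h).toLowerCase().replace(/^0x/, "");
const isAddress = (a) => /^0x[0-9a-fA-F]{40}$/.test(String(a));

// Returns a list of findings; an empty list means the payload matches the intent.
function diffSigningPayload(intended, payload, opts = {}) {
  const allowlist = (opts.delegatecallAllowlist || []).map(normHex);
  const findings = [];

  // Reject malformed input first so later comparisons are meaningful.
  for (const [label, tx] of [["intended", intended], ["payload", payload]]) {
    if (!isAddress(tx.to)) findings.push(`${label}: malformed recipient ${tx.to}`);
    if (!(tx.operation in OPERATION)) findings.push(`${label}: unknown operation ${tx.operation}`);
  }
  if (findings.length) return findings;

  if (normHex(intended.to) !== normHex(payload.to))
    findings.push(`recipient changed: ${intended.to} -> ${payload.to}`);
  if (intended.operation !== payload.operation)
    findings.push(`operation changed: ${OPERATION[intended.operation]} -> ${OPERATION[payload.operation]}`);
  if (BigInt(intended.value) !== BigInt(payload.value))
    findings.push(`value changed: ${intended.value} -> ${payload.value}`);
  if (normHex(intended.data) !== normHex(payload.data))
    findings.push("calldata changed");

  // A delegatecall runs the target's code against the wallet's own storage,
  // so require an explicitly allowlisted target even when all fields match.
  if (payload.operation === 1 && !allowlist.includes(normHex(payload.to)))
    findings.push(`DELEGATECALL to non-allowlisted target ${payload.to}`);
  return findings;
}

// Constructed sample: what the signer reviewed vs. what reached the signing device.
const intendedTx = { to: "0x" + "ab".repeat(20), value: "1000", data: "0x", operation: 0 };
const tamperedTx = { to: "0x" + "22".repeat(20), value: "0", data: "0xa9059cbb", operation: 1 };

for (const line of diffSigningPayload(intendedTx, tamperedTx)) console.log("MISMATCH:", line);
```

The comparison is only useful when the intended transaction comes from a source independent of the web interface being checked, such as a proposal reviewed over a separate channel.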
INTELLIGENT TECH CHANNELS 41