Cosine: Bybit Attacked by Replacing Its Safe with a Malicious Contract
On February 22, a security incident involving an intrusion into Bybit's Safe cryptocurrency system was disclosed on the X platform. SlowMist's Cosine shared details of the attack, which show how complex the exploitation was. The attack contract was deployed at the address 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516 at 7:15:23 (UTC) on February 19, 2025.
The attacker used three owners to sign the transaction 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882, replacing the deployed Safe contract with a malicious contract at 14:13:35 (UTC) on February 21, 2025. The malicious upgrade logic was embedded in STORAGE[0x0] (value 0x96221423681A6d52E184D440a8eFCEbB105C7242) through a DELEGATECALL.
The attacker then used backdoor functions such as sweepETH and sweepERC20 in the malicious contract to withdraw assets from the hot wallet. This content is for informational purposes only and is not investment advice. Such events are a reminder of the importance of updating and securing the cryptocurrency sector.
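The following is an added example, not code from Cosine, SlowMist, Bybit or the Safe project. It is a toy Python model of why a DELEGATECALL can rewrite a wallet's STORAGE[0x0] while a plain CALL cannot, with two defender checks: a pre-signing policy check and a slot-0 change monitor. Assumptions not stated in the article: the Safe proxy keeps its implementation address in slot 0, and Safe's operation field is 0 for CALL and 1 for DELEGATECALL; every address and function name in the code is a constructed placeholder.

```python
from dataclasses import dataclass, field

CALL, DELEGATECALL = 0, 1   # assumed: values of Safe's Enum.Operation
IMPL_SLOT = 0               # assumed: Safe proxy stores its implementation address here

@dataclass
class Account:
    """Toy EVM account: a storage dict plus optional code (a Python callable)."""
    storage: dict = field(default_factory=dict)
    code: object = None

def execute(wallet: Account, target: Account, operation: int, arg) -> None:
    """CALL runs target code on the target's storage; DELEGATECALL runs it on the wallet's."""
    ctx = wallet.storage if operation == DELEGATECALL else target.storage
    target.code(ctx, arg)

def overwrite_slot0(storage: dict, new_impl: str) -> None:
    """Stand-in for the upgrade logic the article describes: it writes to slot 0."""
    storage[IMPL_SLOT] = new_impl

def presign_findings(to: str, operation: int, allowlist: set) -> list:
    """Policy check a signer can run on the raw transaction fields before approving."""
    findings = []
    if operation not in (CALL, DELEGATECALL):
        findings.append(f"unknown operation {operation}")
    elif operation == DELEGATECALL and to.lower() not in allowlist:
        findings.append(f"DELEGATECALL to non-allowlisted {to}")
    return findings

def impl_changed(before: dict, after: dict) -> bool:
    """Post-execution monitor: alert when slot 0 differs between two snapshots."""
    return before.get(IMPL_SLOT) != after.get(IMPL_SLOT)

def demo(operation: int):
    """Run the same helper contract via CALL or DELEGATECALL and report slot 0."""
    # Constructed placeholder addresses, not values from the incident.
    good, other = "0x" + "aa" * 20, "0x" + "bb" * 20
    wallet = Account(storage={IMPL_SLOT: good})
    helper = Account(code=overwrite_slot0)
    before = dict(wallet.storage)
    execute(wallet, helper, operation, other)
    return impl_changed(before, wallet.storage), wallet.storage[IMPL_SLOT]

if __name__ == "__main__":
    print("CALL:", demo(CALL))
    print("DELEGATECALL:", demo(DELEGATECALL))
    print(presign_findings("0x" + "cc" * 20, DELEGATECALL, allowlist=set()))
```

In practice the pre-signing check has to run on the transaction fields the signing device actually receives, not on what a web interface displays.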
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.