PANews reported on February 26 that, according to analysis by the SlowMist security team, Bybit's multi-signature wallet was attacked on February 21 and nearly $1.5 billion in assets were stolen through a "legal signature" transaction. The attacker used social engineering to obtain multi-signature permissions, then implanted malicious logic through the delegatecall function of the Safe contract, bypassing the multi-signature verification mechanism to complete the fund transfer.
Safe Wallet introduced the Safe Guard mechanism after version 1.3.0; it can perform fine-grained security checks on transactions, such as whitelist verification and restrictions on high-risk operations. However, Bybit used version 1.1.1 and failed to enable this key feature. The SlowMist team pointed out that if Bybit had upgraded to version 1.3.0 and properly configured the Guard mechanism, this loss might have been avoided.
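
As an added illustration (not code from Safe, Bybit or SlowMist), a minimal guard combining the two checks named above: a target whitelist and a default-deny restriction on delegatecall. It assumes the Guard hook signatures of Safe 1.3.0; the contract name `AllowlistGuard`, its storage layout and its error strings are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative guard (added example, not Safe's or Bybit's code).
// Operation is redeclared locally so the file compiles alone; it ABI-encodes
// as uint8, the same as the enum in Safe's Guard hooks.
enum Operation { Call, DelegateCall }

contract AllowlistGuard {
    address public immutable safe; // the Safe this guard protects
    // allowed[operation][target]: DelegateCall starts empty, so every
    // delegatecall is rejected until a target is explicitly approved.
    mapping(Operation => mapping(address => bool)) public allowed;

    event TargetSet(Operation operation, address target, bool isAllowed);

    constructor(address _safe, address[] memory callTargets) {
        safe = _safe;
        for (uint256 i = 0; i < callTargets.length; i++) {
            allowed[Operation.Call][callTargets[i]] = true;
        }
    }

    // Policy changes must themselves be Safe transactions (threshold-signed).
    function setTarget(Operation operation, address target, bool isAllowed) external {
        require(msg.sender == safe, "only the Safe may change policy");
        allowed[operation][target] = isAllowed;
        emit TargetSet(operation, target, isAllowed);
    }

    // Called by the Safe before execution; a revert here aborts the transaction.
    function checkTransaction(
        address to, uint256, bytes memory, Operation operation,
        uint256, uint256, uint256, address, address payable,
        bytes memory, address
    ) external view {
        require(allowed[operation][to], "target not allowlisted for this operation");
    }

    // Called by the Safe after execution; this policy has no post-condition.
    function checkAfterExecution(bytes32, bool) external pure {}
}
```

Because ordinary calls are also whitelisted, the Safe's own address and the guard's address have to be among `callTargets` if the owners are to keep the ability to update the policy or replace the guard later.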


