PANews reported on February 26 that Bybit co-founder and CEO Ben Zhou published a hacker forensics report provided by Sygnia and Verichains on the X platform, which revealed that the malicious code was deployed at 15:29:25 UTC on February 19, specifically targeting Bybit's Ethereum multi-signature cold wallet. A forensic review of the targeted attack launched by the Lazarus Group on Bybit concluded that the attack on Bybit Safe was achieved through a compromised Safe{Wallet} developer machine, resulting in disguised malicious transactions. Lazarus is a government-backed North Korean hacker group known for complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities. Forensic reviews by external security researchers did not indicate any vulnerabilities in the source code of the Safe smart contract or front-end and services.