A forensic investigation by Sygnia found that malicious JavaScript code was injected into Safe Wallet’s AWS S3 bucket.
Chrome cache analysis confirmed the compromised JavaScript, with the code removed from Safe Wallet’s resources two minutes after the attack.
Ben Zhou, Co-Founder and CEO of Bybit
Cryptocurrency exchange Bybit experienced a security breach
resulting in the unauthorized transfer of over $1.4 billion in liquid-staked
Ether (ETH) and MegaETH (mETH). The exchange reported unauthorized access to
one of its Ethereum cold wallets on February 21, 2025.
The incident took place during a multisignature transaction
facilitated through Safe Wallet. A threat actor intercepted the process,
altered the transaction, and gained control of the wallet. The attacker then
transferred the funds to a separate wallet under their control.
Following the discovery, Bybit engaged cybersecurity firm
Sygnia to conduct a forensic investigation. The investigation aimed to
determine the source of the compromise, assess the extent of the attack, and
implement measures to prevent future incidents.
Investigation Findings
The forensic analysis identified that malicious JavaScript
code had been injected into a resource served from Safe Wallet’s AWS S3 bucket.
The modification timestamp and historical web records suggest that the code was
added on February 19, 2025, two days before the unauthorized transaction.
The injected code was designed to manipulate transaction
data during the signing process. It activated only when the transaction
originated from specific contract addresses, including Bybit’s contract and
another unidentified address. This suggests that the attacker had predefined
targets for the exploit.
Safe Wallet JavaScript Modified Before Attack
Forensic examination of Chrome browser cache files from the
three signers’ systems confirmed the presence of the compromised JavaScript
resource at the time of the transaction. These files indicated that the Safe Wallet
resource was last modified shortly before the attack.
Further analysis revealed that two minutes after the
fraudulent transaction was executed, new versions of the affected JavaScript
files were uploaded to SafeWallet’s AWS S3 bucket, removing the injected code.
This suggests an attempt to conceal the unauthorized modification.
Snippet from a JavaScript resources cache, showing the file’s header, Source: Bybit
Public web archives captured two snapshots of Safe Wallet’s
JavaScript resources on February 19, 2025. The first snapshot contained the
original, unaltered version, while the second snapshot showed the presence of
the malicious code. This further supports the conclusion that the attack
originated from Safe Wallet’s AWS infrastructure.
No Evidence of Bybit Infrastructure Breach
At this stage, the forensic investigation has not found any
evidence of a compromise within Bybit’s own infrastructure. The unauthorized
access appears to have been facilitated through vulnerabilities in SafeWallet’s
systems. Bybit and Sygnia are continuing their investigation to confirm the
findings and assess any additional risks.
“The preliminary forensic review finds that our system
was not compromised. While this incident underscores the evolving threats in
the crypto space, we are taking proactive steps to reinforce security and
ensure the highest level of protection for our users,” said Ben Zhou,
Co-founder and CEO of Bybit.
Cryptocurrency exchange Bybit experienced a security breach
resulting in the unauthorized transfer of over $1.4 billion in liquid-staked
Ether (ETH) and MegaETH (mETH). The exchange reported unauthorized access to
one of its Ethereum cold wallets on February 21, 2025.
The incident took place during a multisignature transaction
facilitated through Safe Wallet. A threat actor intercepted the process,
altered the transaction, and gained control of the wallet. The attacker then
transferred the funds to a separate wallet under their control.
Following the discovery, Bybit engaged cybersecurity firm
Sygnia to conduct a forensic investigation. The investigation aimed to
determine the source of the compromise, assess the extent of the attack, and
implement measures to prevent future incidents.
Investigation Findings
The forensic analysis identified that malicious JavaScript
code had been injected into a resource served from Safe Wallet’s AWS S3 bucket.
The modification timestamp and historical web records suggest that the code was
added on February 19, 2025, two days before the unauthorized transaction.
The injected code was designed to manipulate transaction
data during the signing process. It activated only when the transaction
originated from specific contract addresses, including Bybit’s contract and
another unidentified address. This suggests that the attacker had predefined
targets for the exploit.
Safe Wallet JavaScript Modified Before Attack
Forensic examination of Chrome browser cache files from the
three signers’ systems confirmed the presence of the compromised JavaScript
resource at the time of the transaction. These files indicated that the Safe Wallet
resource was last modified shortly before the attack.
Further analysis revealed that two minutes after the
fraudulent transaction was executed, new versions of the affected JavaScript
files were uploaded to SafeWallet’s AWS S3 bucket, removing the injected code.
This suggests an attempt to conceal the unauthorized modification.
Snippet from a JavaScript resources cache, showing the file’s header, Source: Bybit
Public web archives captured two snapshots of Safe Wallet’s
JavaScript resources on February 19, 2025. The first snapshot contained the
original, unaltered version, while the second snapshot showed the presence of
the malicious code. This further supports the conclusion that the attack
originated from Safe Wallet’s AWS infrastructure.
No Evidence of Bybit Infrastructure Breach
At this stage, the forensic investigation has not found any
evidence of a compromise within Bybit’s own infrastructure. The unauthorized
access appears to have been facilitated through vulnerabilities in SafeWallet’s
systems. Bybit and Sygnia are continuing their investigation to confirm the
findings and assess any additional risks.
“The preliminary forensic review finds that our system
was not compromised. While this incident underscores the evolving threats in
the crypto space, we are taking proactive steps to reinforce security and
ensure the highest level of protection for our users,” said Ben Zhou,
Co-founder and CEO of Bybit.
Retail Investors Tap Trillion-Dollar Reinsurance Markets via Tokenized DeFi Platforms
Marketing in 2026 Audiences, Costs, and Smarter AI
Marketing in 2026 Audiences, Costs, and Smarter AI
As brokers eye B2B business and compete with fintechs and crypto exchanges alike, marketers need to act wisely with often limited budgets. AI can offer scalable solutions, but only if used properly.
Join seasoned marketing executives and specialists as they discuss the main challenges they identify in financial services in 2026 and how they address them.
Attendees of this session will walk away with:
- A nuts-and-bolts account of acquisition costs across platforms and geos
- Analysis of today’s multi-layered audience segments and differences in behaviour
- First-hand account of how global brokers balance consistency and local flavour
- Notes from the field about intelligently using AI and automation in marketing
Speakers:
-Yam Yehoshua, Editor-In-Chief at Finance Magnates
-Federico Paderni, Managing Director for Growth Markets in Europe at X
-Jo Benton, Chief Marketing Officer, Consulting | Fractional CMO
-Itai Levitan, Head of Strategy at investingLive
-Roberto Napolitano, CMO at Innovate Finance
-Tony Cross, Director at Monk Communications
#fmls #fmls25 #fmevents #FintechMarketing #AI #DigitalStrategy #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
As brokers eye B2B business and compete with fintechs and crypto exchanges alike, marketers need to act wisely with often limited budgets. AI can offer scalable solutions, but only if used properly.
Join seasoned marketing executives and specialists as they discuss the main challenges they identify in financial services in 2026 and how they address them.
Attendees of this session will walk away with:
- A nuts-and-bolts account of acquisition costs across platforms and geos
- Analysis of today’s multi-layered audience segments and differences in behaviour
- First-hand account of how global brokers balance consistency and local flavour
- Notes from the field about intelligently using AI and automation in marketing
Speakers:
-Yam Yehoshua, Editor-In-Chief at Finance Magnates
-Federico Paderni, Managing Director for Growth Markets in Europe at X
-Jo Benton, Chief Marketing Officer, Consulting | Fractional CMO
-Itai Levitan, Head of Strategy at investingLive
-Roberto Napolitano, CMO at Innovate Finance
-Tony Cross, Director at Monk Communications
#fmls #fmls25 #fmevents #FintechMarketing #AI #DigitalStrategy #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Much like their traders in the market, brokers must diversify to manage risk and stay resilient. But that can get costly, clunky, and lengthy.
This candid panel brings together builders across the trading infrastructure space to uncover the shifting dynamics behind tools, interfaces, and full-stack ambitions.
Attendees will hear:
-Why platform dependency has become one of the most overlooked risks in the trading business?
-Buy vs. build: What do hybrid models look like, and why are industry graveyards filled with failed ‘killer apps’?
-How AI is already changing execution, risk, and reporting—and what’s next?
-Which features, assets, and tools gain the most traction, and where brokers should look for tech-driven retention?
Speakers:
-Stephen Miles, Chief Revenue Officer at FYNXT
-John Morris, Co-Founder at FXBlue
-Matthew Smith, Group Chair & CEO at EC Markets
-Tom Higgins, Founder & CEO at Gold-i
-Gil Ben Hur, Founder at 5% Group
#fmls #fmls25 #fmevents #Brokers #Trading #Fintech #FintechInnovation #TradingTechnology #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Much like their traders in the market, brokers must diversify to manage risk and stay resilient. But that can get costly, clunky, and lengthy.
This candid panel brings together builders across the trading infrastructure space to uncover the shifting dynamics behind tools, interfaces, and full-stack ambitions.
Attendees will hear:
-Why platform dependency has become one of the most overlooked risks in the trading business?
-Buy vs. build: What do hybrid models look like, and why are industry graveyards filled with failed ‘killer apps’?
-How AI is already changing execution, risk, and reporting—and what’s next?
-Which features, assets, and tools gain the most traction, and where brokers should look for tech-driven retention?
Speakers:
-Stephen Miles, Chief Revenue Officer at FYNXT
-John Morris, Co-Founder at FXBlue
-Matthew Smith, Group Chair & CEO at EC Markets
-Tom Higgins, Founder & CEO at Gold-i
-Gil Ben Hur, Founder at 5% Group
#fmls #fmls25 #fmevents #Brokers #Trading #Fintech #FintechInnovation #TradingTechnology #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Educators, IBs, And Other Regional Growth Drivers
Educators, IBs, And Other Regional Growth Drivers
When acquisition costs rise and AI generated reviews are exactly as useful as they sound, performing and fair partners can make or break brokers.
This session looks at how these players are shaping access, trust and user engagement, and what the most effective partnership models look like in 2025.
Key Themes:
- Building trader communities through education and local expertise
- Aligning broker incentives with long-term regional strategies
- Regional regulation and the realities of compliant acquisition
- What’s next for performance-driven partnerships in online trading
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Zander Van Der Merwe, Key Individual & Head of Sales at TD Markets
-Brunno Huertas, Regional Manager – Latin America at Tickmill
-Paul Chalmers, CEO at UK Trading Academy
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #BrokerGrowth #FintechPartnerships #RegionalMarkets
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
When acquisition costs rise and AI generated reviews are exactly as useful as they sound, performing and fair partners can make or break brokers.
This session looks at how these players are shaping access, trust and user engagement, and what the most effective partnership models look like in 2025.
Key Themes:
- Building trader communities through education and local expertise
- Aligning broker incentives with long-term regional strategies
- Regional regulation and the realities of compliant acquisition
- What’s next for performance-driven partnerships in online trading
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Zander Van Der Merwe, Key Individual & Head of Sales at TD Markets
-Brunno Huertas, Regional Manager – Latin America at Tickmill
-Paul Chalmers, CEO at UK Trading Academy
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #BrokerGrowth #FintechPartnerships #RegionalMarkets
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
The Leap to Everything App: Are Brokers There Yet?
The Leap to Everything App: Are Brokers There Yet?
As the arms race to bundle investing, personal finance, and wallets under super apps grows fiercer, brokers are caught between a rock and a hard place.
This session explores unexpected ways for industry players to collaborate as consumer habits evolve, competitors eye the traffic, and regulation becomes more nuanced.
Speakers:
-Laura McCracken,CEO | Advisory Board Member at Blackheath Advisors | The Payments Association
-Slobodan Manojlović,Vice President | Lead Software Engineer at JP Morgan Chase & Co.
-Jordan Sinclair, President at Robinhood UK
-Simon Pelletier, Head of Product at Yuh
Gerald Perez, CEO at Interactive Brokers UK
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
As the arms race to bundle investing, personal finance, and wallets under super apps grows fiercer, brokers are caught between a rock and a hard place.
This session explores unexpected ways for industry players to collaborate as consumer habits evolve, competitors eye the traffic, and regulation becomes more nuanced.
Speakers:
-Laura McCracken,CEO | Advisory Board Member at Blackheath Advisors | The Payments Association
-Slobodan Manojlović,Vice President | Lead Software Engineer at JP Morgan Chase & Co.
-Jordan Sinclair, President at Robinhood UK
-Simon Pelletier, Head of Product at Yuh
Gerald Perez, CEO at Interactive Brokers UK
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Mind The Gap: Can Retail Investors Save the UK Stock Market?
Mind The Gap: Can Retail Investors Save the UK Stock Market?
As the dire state of listing and investment in the UK goes from a financial services problem to a national challenge, the retail investing industry is taken to task.
Join a host of executives and experts for a candid conversation about the future of millions of Brits, as seen from a financial services standpoint:
-Are they happy with the Leeds Reform, in principle and in practice?
-Is it the government’s job to affect the ‘saver’ mentality? Is it doing well?
-What can brokers and fintechs do to spur UK investment?
-How can the FCA balance greater flexibility with consumer protection?
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Nicola Higgs, Partner at Latham & Watkins
-Dan Lane, Investment Content Lead at Robinhood UK
-Jack Crone, PR & Public Affairs Lead at IG
-David Belle, Founder at Fink Money
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #RetailInvesting #UKFinance
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
As the dire state of listing and investment in the UK goes from a financial services problem to a national challenge, the retail investing industry is taken to task.
Join a host of executives and experts for a candid conversation about the future of millions of Brits, as seen from a financial services standpoint:
-Are they happy with the Leeds Reform, in principle and in practice?
-Is it the government’s job to affect the ‘saver’ mentality? Is it doing well?
-What can brokers and fintechs do to spur UK investment?
-How can the FCA balance greater flexibility with consumer protection?
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Nicola Higgs, Partner at Latham & Watkins
-Dan Lane, Investment Content Lead at Robinhood UK
-Jack Crone, PR & Public Affairs Lead at IG
-David Belle, Founder at Fink Money
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #RetailInvesting #UKFinance
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
