Security Community: The Bybit attack involved social engineering techniques that tricked auditors into mistaking contract changes for transfers
2025-02-22 04:42:41

Odaily News: According to a post by the security community Dilation Effect on the X platform, "Compared to previous similar incidents, in the Bybit incident, only one signer was needed to complete the attack, because the attacker used a 'social engineering' technique. Analysis of on-chain transactions shows that the attacker executed a malicious contract's transfer function through delegatecall. The transfer code used the SSTORE instruction to modify the value of slot 0, thereby changing the implementation address of the Bybit cold wallet multi-signature contract to the attacker's address. The transfer here is very clever. It only requires the person/device that initiated the multi-signature transaction to be dealt with. When the subsequent auditors see this transfer, their vigilance will be greatly reduced. Because normal people see transfer and think it is a transfer, who knows that it is actually changing the contract. The attacker's tactics have been upgraded again."
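
A pre-signing review check for the pattern described above, as an added example that is not from the article or the quoted post: it flags any proposal executed via delegatecall, even when its calldata carries the ERC-20 `transfer(address,uint256)` selector. The `Proposal` fields, the 0/1 operation encoding and the allowlist are assumptions modelled on common multisig wallets, and all addresses are constructed placeholders.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1            # assumed operation encoding (common in multisig wallets)
ERC20_TRANSFER = "a9059cbb"          # selector of transfer(address,uint256)

@dataclass
class Proposal:                      # hypothetical shape of a pending multisig transaction
    to: str
    value: int
    data: str                        # hex calldata
    operation: int

def transfer_calldata(recipient: str, amount: int) -> str:
    """Build constructed sample calldata: selector + two 32-byte ABI words."""
    return "0x" + ERC20_TRANSFER + recipient[2:].rjust(64, "0") + f"{amount:064x}"

def review(p: Proposal, delegatecall_allowlist=frozenset()) -> list:
    """Return findings a signer should read before approving the proposal."""
    findings = []
    data = p.data.lower()
    data = data[2:] if data.startswith("0x") else data
    selector = data[:8]
    if p.operation not in (CALL, DELEGATECALL):
        findings.append("BLOCK: unknown operation value")
    elif p.operation == DELEGATECALL:
        # Callee code runs against the wallet's own storage, so it can rewrite slot 0.
        if p.to.lower() not in delegatecall_allowlist:
            findings.append("BLOCK: delegatecall to non-allowlisted target")
        if selector == ERC20_TRANSFER:
            findings.append("WARN: looks like transfer() but executes via delegatecall")
    elif selector == ERC20_TRANSFER:
        if len(data) != 8 + 128:
            findings.append("BLOCK: malformed transfer calldata")
        else:
            to, amount = "0x" + data[32:72], int(data[72:136], 16)
            findings.append(f"INFO: ERC-20 transfer of {amount} to {to}")
    return findings

# Constructed sample data: placeholder addresses, not taken from the incident.
TOKEN, TARGET, RECIPIENT = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
LOOKALIKE = Proposal(TARGET, 0, transfer_calldata(RECIPIENT, 0), DELEGATECALL)
ORDINARY = Proposal(TOKEN, 0, transfer_calldata(RECIPIENT, 1000), CALL)

if __name__ == "__main__":
    for name, p in (("lookalike", LOOKALIKE), ("ordinary", ORDINARY)):
        print(name, review(p))
```

The check keys on the operation type rather than the function name, so a delegatecall is surfaced to every signer regardless of what the calldata appears to decode as.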