Odaily News: The multi-signature wallet Safe announced on X that its joint security investigation with Mandiant (now part of Google Cloud) has made key progress and confirmed that the February 21 attack was carried out by the North Korean hacker group TraderTraitor (UNC4899), which has attacked the crypto industry many times before. The hackers gained critical access by compromising a Safe{Wallet} developer's computer and hijacking the AWS session token to bypass multi-factor authentication (MFA). Safe said that although the attack had some impact, the smart contracts were not damaged, the system has been fully reset, and more stringent security measures have been implemented, including:
• Infrastructure reset: Regenerate all credentials, reset the cluster, update keys and secrets, and redeploy container images.
• External access restrictions: Temporarily block external access to trading services, allow only internal communication, and strengthen firewall rules.
• Malicious transaction detection upgrade: Cooperate with Blockaid to strengthen transaction monitoring and add risk markers for Safe account master control upgrades.
• Real-time monitoring enhancements: Improve logging and threat detection capabilities to enable faster response to security incidents.
• Pending transaction cleanup: Clear all pending transactions in the database to prevent potential security risks.
• Optimize UI and security verification tools: Introduce Safe Utils as a third-party transaction verification tool, and plan to provide a Safe{Wallet} version that is completely hosted on IPFS.