{"type":"rich","version":"1.0","title":"Jameson Lopp wrote","author_name":"Jameson Lopp (npub17u…wt4tp)","author_url":"https://yabu.me/npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tp","provider_name":"njump","provider_url":"https://yabu.me","html":"So the ByBit attack was able to happen because:\n\nGnosis Safe front end is a web app whose JavaScript gets served from an Amazon S3 bucket.\n\nA Gnosis Safe developer had production AWS keys saved on their machine.\n\nThe Dev's machine was compromised and the AWS key used to deploy a malicious front end that only targeted ByBit's wallet.\n\nJavaScript web apps have no cryptographic integrity checks to ensure the code being delivered was actually written by the expected author.\n\nSigning complex EVM transactions can't be done securely on airgapped hardware because the hardware simply doesn't have all of the contextual information needed to know the outcome of executing the transaction."}