Safe{Wallet} has announced significant progress in its joint security investigation with Mandiant, a subsidiary of Google Cloud. The investigation confirmed that the February 21 attack was orchestrated by the North Korean hacker group TraderTraitor (UNC4899), which is notorious for targeting the cryptocurrency industry.
These hackers infiltrated the computers of Safe{Wallet} developers and bypassed multi-factor authentication (MFA) by hijacking AWS session tokens, thereby gaining critical access to sensitive information. In light of the attack, Safe{Wallet} emphasized that although the incident had some repercussions, the integrity of the smart contracts remained intact.
To address the situation thoroughly, the system has undergone a complete reset, complemented by the implementation of enhanced security measures, including:

- **Infrastructure Reset**: All credentials have been regenerated, clusters reset, keys and secret information updated, and container images redeployed to ensure a robust security posture.
- **External Access Restriction**: As a precaution, external access to trading services has been temporarily restricted, allowing only internal communications while implementing strengthened firewall rules to guard against potential threats.
- **Malicious Transaction Detection Upgrade**: In collaboration with Blockaid, Safe{Wallet} has enhanced its transaction monitoring systems, adding specific risk markers for improved control of Safe account transactions.
- **Real-Time Monitoring Enhancement**: The enhancements made to logging and threat detection capabilities facilitate a quicker response to security incidents, which is critical in today’s fast-paced digital environment.
- **Pending Transaction Clearance**: To avert any security risks, all outstanding transactions in the database have been cleared, ensuring that malicious actors cannot exploit these vulnerabilities.
- **UI and Security Verification Tool Optimization**: Safe Utils has been introduced as a third-party transaction verification tool, with future plans to offer a fully IPFS-hosted version of Safe{Wallet} to further enhance security features.

Safe{Wallet} emphasizes the importance of collective action within the Web3 ecosystem to effectively confront the evolving landscape of security threats.
The company encourages developers and users alike to focus on improving transaction verification tools to elevate user safety standards. In pursuit of this goal, Safe{Wallet} has released comprehensive guidelines on transaction verification and is dedicated to optimizing user experience to minimize potential risks inherent in the cryptocurrency space.