This is an up to date listing of different blog items related to web3 security.
🚨 TL;DR: Bybit didn’t get hacked in the traditional sense—there was no private key compromise, no smart contract bug, no brute-force attack. Instead, North Korea’s Lazarus Group silently hijacked Bybit’s Safe{Wallet} multisig by injecting a JavaScript patch that modified transactions before si...