Safe{Wallet} updates the progress of the hacking incident investigation, confirming that North Korean hacker group TraderTraitor is behind it

The multi-signature wallet Safe{Wallet} has announced that its joint security investigation with Mandiant (now part of Google Cloud) has made significant progress. It confirmed that the attack on February 21 was carried out by the North Korean hacker group TraderTraitor (UNC4899), which had previously launched multiple attacks on the crypto industry. The hackers gained critical access permissions by invading the computers of Safe{Wallet} developers and hijacking AWS session tokens to bypass Multi-Factor Authentication (MFA).

Safe{Wallet} emphasized that despite some impact from the attack, smart contracts were not damaged. The system has been fully reset and more stringent security measures have been implemented, including:

• Infrastructure reset.

• External access restrictions.

• Upgraded malicious transaction detection.

• Enhanced real-time monitoring.

• Clearing pending transactions.

• Optimized UI and security verification tools.

Safe{Wallet} calls for a collective response from the Web3 ecosystem to increasingly complex security threats, as well as enhancements to transaction verification tools to improve user safety. Detailed transaction verification guidelines have already been published officially, and plans are underway to further optimize user experience in order to reduce potential risks.