SlowMist: Bybit attackers exploit backdoor functions sweepETH and sweepERC20 in malicious contracts
SlowMist shared the following details about the Bybit attackers on X:
- The malicious implementation contract was deployed at 07:15:23 UTC on 2025-02-19: 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516;
- At 14:13:35 UTC on 2025-02-21, the attacker used three owners to sign a transaction to replace the Safe implementation contract with a malicious one: 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882;
- Malicious upgrade logic is embedded in STORAGE[0x0] via DELEGATECALL: 0x96221423681A6d52E184D440a8eFCEbB105C7242;
The attackers used the backdoor functions sweepETH and sweepERC20 in the malicious contract to empty the hot wallet.
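The details above suggest two checks for a Safe operator: confirm that the implementation address held in storage slot 0 of the proxy is the expected one, and flag any pending transaction whose `operation` is DELEGATECALL to a target outside an allowlist. The sketch below is an added example, not SlowMist's or Safe's code; the expected singleton address, function names and sample inputs are hypothetical and constructed, and the storage word would in practice come from an `eth_getStorageAt` call.

```python
# Added example; all sample inputs are constructed and nothing touches the network.
# Addresses named in the SlowMist details above, lowercased for comparison.
REPORTED = {
    "0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516",
    "0x96221423681a6d52e184d440a8efcebb105c7242",
}
# Hypothetical placeholder: the Safe singleton your wallet is expected to point at.
EXPECTED_SINGLETONS = {"0x" + "11" * 20}

CALL, DELEGATECALL = 0, 1  # values of the Safe transaction `operation` field


def address_from_slot(word_hex):
    """Decode the address held in a 32-byte storage word (eth_getStorageAt result)."""
    raw = bytes.fromhex(word_hex[2:] if word_hex.startswith("0x") else word_hex)
    if len(raw) != 32:
        raise ValueError("storage word must be exactly 32 bytes")
    if any(raw[:12]):
        raise ValueError("upper 12 bytes set: slot does not hold a plain address")
    return "0x" + raw[12:].hex()


def check_implementation(slot0_word):
    """Classify the implementation address stored in slot 0 of a Safe proxy."""
    impl = address_from_slot(slot0_word)
    if impl in REPORTED:
        return "reported-malicious"
    return "ok" if impl in EXPECTED_SINGLETONS else "unexpected"


def review_pending_tx(tx, delegatecall_allowlist=frozenset()):
    """Return findings for a Safe transaction that is awaiting signatures."""
    findings = []
    to = tx["to"].lower()
    if to in REPORTED:
        findings.append("target is named in the incident report")
    if tx["operation"] == DELEGATECALL and to not in delegatecall_allowlist:
        findings.append("DELEGATECALL to a target outside the allowlist")
    return findings


if __name__ == "__main__":
    word = "0x" + "00" * 12 + "bdd077f651ebe7f7b3ce16fe5f2b025be2969516"  # constructed
    print(check_implementation(word))
    print(review_pending_tx({"to": "0x" + "22" * 20, "operation": DELEGATECALL}))
```

An "unexpected" result or any finding is a reason to stop signing and compare the raw transaction fields on an independent device.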