SlowMist posted on the X platform that the Safe developer's device was hacked, resulting in malicious code being injected into the front end, the attack intercepted and modified the transaction parameters. After a quick verification, it was found that there was indeed malicious code behind the js file of the Safe front end, and the relevant address (0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516) involved the malicious execution contract that swept away ByBit's 1.50 billion assets.