So the ByBit attack was able to happen because:
Gnosis Safe front end is a web app whose JavaScript gets served from an Amazon S3 bucket.
A Gnosis Safe developer had production AWS keys saved on the...
The last part is not the issue. A Ledger could blind sign Bitcoin hashes too. It can be fixed by Safe developers making a Ledger firmware app that could parse all Safe txs, instead of using the generic Ethereum app. The same thing acinq did for lightning txs. https://x.com/acinq_co/status/1894036594866212894
1๐1
