The Daily: Bybit hack post-mortem suggests Safe infrastructure compromise, Bitcoin ETFs see record $1.1B outflows and more

The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.

Happy Wednesday! As the crypto market continues to bleed, take a quick five-minute break from the screens while we get you fixed up with all the latest.

In today's newsletter, a Bybit interim investigation report suggests that Safe's infrastructure was behind the record hack, U.S. spot Bitcoin ETFs witness record daily outflows of more than $1 billion, Ark Invest buys Coinbase stock and sells shares in its own Bitcoin ETF amid the market slump and more.

Meanwhile, Circle and Tether trade views on U.S. regulation as a so-called "stablecoin war" heats up. Plus, Pump.fun's X account gets hacked to promote fraudulent tokens, and Dogecoin falls back to pre-DOGE levels as the Musk-Trump alliance grows.

Let's get started.

Bybit hack post-mortem suggests Safe infrastructure compromise

A compromised Safe developer machine appears to have allowed the Lazarus Group to inject a highly-targeted malicious script, taking control of Bybit's Ethereum cold wallet to execute the largest exploit in history.

The hack, which drained $1.5 billion in ether and ether derivatives, occurred while Bybit was rotating funds using Safe(Wallet)'s multi-sig interface last Friday.

"The threat actor managed to gain control of the affected cold wallet and transferred its holdings to a wallet under their control," a Bybit interim investigation report from security firms Sygnia and Verichains noted on Wednesday.

The investigation traced the attack to malicious JavaScript code served from Safe's AWS S3 bucket, not Bybit's infrastructure, confirming the compromise originated outside the crypto exchange.

The malicious code was designed to activate only when interacting with Bybit's contract address, manipulating transactions during the signing process by masking the UI when Bybit went to move its funds.

Safe confirmed the attack was due to a compromised developer machine allowing access to its AWS S3 bucket, with all credentials since rotated, but said its front-end, source code and smart contracts were unaffected.

Bybit launched bug bounty programs following the hack and is estimated to have recovered over $100 million of the stolen funds so far while investigations into the exploit continue.

US spot Bitcoin ETFs see record outflows of over $1 billion

U.S. spot Bitcoin ETFs witnessed all-time high daily outflows of more than $1.1 billion on Tuesday, marking a six-day negative streak now totaling over $2.2 billion.

Fidelity's FBTC led the outflows with $344.7 million exiting the fund, followed by $164.4 million from BlackRock's IBIT, according to data compiled by The Block.

Institutional investors' rebalancing, unwinding of basis trades and macroeconomic factors all contributed to the record outflows amid the broader crypto market meltdown, analysts said.

Meanwhile, Standard Chartered Head of Digital Asset Research Geoff Kendrick warned continued outflows could further lower bitcoin prices, adding, "I do not think the sell-off is over yet."

Ark Invest buys Coinbase shares, sells own Bitcoin ETF amid market slump

Ark Invest bought 41,032 Coinbase shares for its Next Generation Internet fund on Tuesday — worth $8.7 million — for the first time since October.

Ark also sold $8.6 million worth of its own spot Bitcoin ETF, ARKB, as the Cathie Wood-led investment firm rebalanced its fund weightings amid the continued market slump.

Ark's investment strategy aims to let no individual holding take up more than 10% of a fund's portfolio to maintain diversification.
According to the firm's disclosures, COIN is currently the sixth-largest holding within its ARKW fund, with a weighting of 5.5%, worth around $94.4 million.

ARKB remains the top allocation within the Next Generation Internet fund, with a 10.7% weighting, valued at approximately $182.2 million, followed by Tesla, Roku, Roblox and Robinhood.

Bank of America CEO bullish on stablecoins

Bank of America CEO Brian Moynihan expects U.S. dollar-backed stablecoins to "become legal" in the U.S., adding that the bank would "go into that business" if they do.

"It's pretty clear there's going to be a stablecoin, which is going to be a fully dollar backed type of thing, which is no different than the money market fund with check access, it's no different than a bank account, really," he said during an interview with Bloomberg.

Moynihan envisioned a future "Bank of America coin," saying that up until now his bank has not been able to utilize stablecoins.

The stablecoin market, currently valued at over $230 billion, could see significant growth if U.S. legislation paves the way for traditional banks to participate.

Patrick McHenry joins a16z, ZachXBT joins Paradigm

Former House Financial Services Committee Chair Republican Patrick McHenry is joining venture capital firm a16z as a senior advisor, aiming to cut barriers to emerging startup companies in D.C.

McHenry retired from politics earlier this year after leading efforts to advance crypto legislation out of the committee, including a stablecoin regulation bill and the FIT21 Act that would have granted power and funding to the CFTC to oversee spot crypto markets.

Meanwhile, blockchain sleuth ZachXBT has joined crypto VC firm Paradigm as an incident response advisor to its portfolio companies — a role that still enables him to continue helping the community and publishing investigations.

In the next 24 hours

U.S. GDP and jobless claims figures are due out at 8:30 a.m. ET on Thursday.

Federal Reserve Vice Chair Michael Barr will speak at 10 a.m. U.S. FOMC members Michelle Bowman and Patrick Harker follow at 11:45 a.m. and 3:15 p.m., respectively.

ETHDenver continues in Colorado.

Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry.

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The Block