According to online reports, Safe issued a post on the X platform announcing that a security investigation jointly conducted with Mandiant (now affiliated with Google Cloud) has made key progress and confirmed that the attack on February 21 was carried out by the North Korean hacker organization TraderTraitor (UNC4899), which has previously launched attacks on the encryption industry many times. Hackers gained critical access by hacking into Safe{Wallet} developers 'computers and hijacking AWS session tokens to bypass Multiple Authentication (MFA). Safe said that despite the impact of the attack, the smart contract was not damaged, the system has been completely reset, and more stringent security measures have been implemented, including: -Infrastructure reset: Regenerate all credentials, reset clusters, update keys and confidential information, and redeploy container images. - External access restrictions: Temporarily block external access to transaction services, allow only internal communications, and strengthen firewall rules. - Malicious transaction detection upgrade: Work with Blockaid to strengthen transaction monitoring and add risk flags for Safe account master upgrades. - Real-time monitoring enhancements: Improve logging and threat detection capabilities for faster response to security incidents. - Pending transaction cleanup: Clear all pending transactions in the database to prevent potential security risks. - Optimize UI and security verification tools: Introduce Safe Utils as a third-party transaction verification tool, and plan to provide a version of Safe{Wallet} based entirely on IPFS hosting.