Cryptocurrency exchange Bybit has published a forensic review on last week’s $1.5 billion hack, revealing that its systems had not been infiltrated and that the issue seemed to have stemmed from compromised Safe wallet infrastructure.

Bybit concluded from the review that “the credentials of a Safe developer were compromised,” which allowed the Lazarus hacking group to gain unauthorized access to the Safe wallet and subsequently deceive Bybit staff into signing the malicious transaction.

However, a person familiar with the matter told CoinDesk that despite the wallet’s infrastructure being compromised by social engineering, the hack would not have been possible had Bybit not “blind signed” the transaction. The term refers to a mechanism where a smart contract transaction is approved without comprehensive knowledge of its contents.

Safe also issued a statement saying that “Safe smart contracts [were] unaffected, an attack was conducted by compromising a Safe {Wallet} developer machine which affected an account operated by Bybit.” It also pointed out that a “forensic review of external security researchers did NOT indicate any vulnerabilities in the Safe smart contracts or source code of the frontend and services.”

The apparent back and forth between both companies mirrors that of WazirX and Liminal Custody, which blamed each other following a $230 million exploit last July.

On-chain veri analyzed by ZachXBT shows that Lazarus is attempting to launder the stolen funds, with 920 wallets currently being tainted with the ill-gotten gains. The funds, perhaps inadvertently, have been commingled with stolen funds from hacks targeting Phemex and Poloniex, linking Lazarus Group to all three.