Yeah I figured it was Bybit, and surprised to learn that issue was in a Safe contract (Safe was considered standard multisig contract), am looking in to it deeper today.
It was an Ethereum multisig smart contract.
In Bitcoin, multisig is simple and straightforward, easy to verify on a hardware wallet.
In Ethereum however, the simplest of smart contracts, even for a simple multisig set up, are harder to verify on a hardware wallet, creating more opportunities for such vulnerabilities.
Here is an article with more details about the hack:
https://www.ledgerinsights.com/bybit-hack-phishing-involved-plus-how-to-prevent-similar-hacks/
Discussion
The issue wasn't in the smart contract, it was a compromised dev machine. Something like this can happen to any cryptocurrency, we have seen such compromises causing issues on Bitcoin too.
Ethereim smart contracts have many issues, but this incident wasn't a case of smart contract vulnerability.
Ethereum and Bitcoin both share the same elliptic curve (secp256k1) so the cost of signing is the same. The issue with multisig is lack of standization. If there were one dominant standard, the hardware wallet could do it.
What hardware wallets support multisig on Bitcoin?