In February, the cryptocurrency ecosystem stood on the precipice of disaster. Hackers stole $1.5 billion worth of Ether from cryptocurrency exchange Bybit, making it the largest theft in the industry’s history.
Fears of a market collapse due to contagion were alleviated by Bybit’s industry-wide efforts to bridge the gap, and within hours the exchange regained control of the situation.
A postmortem revealed that hackers had intercepted routine transfers of Ether (ETH) between Bybit wallets. Attackers believed to be from North Korea’s Lazarus Group compromised SafeWallet development machines, injected malicious JavaScript into the user interface, and tricked Bybit’s multi-signature process into approving a malicious smart contract.
Nine months ago, Bybit suffered its largest cryptocurrency heist in history when hackers stole approximately $1.5 billion (approximately 401,000 ETH) of Ethereum during routine ETH transfers.
Since then, team @safe has completely overhauled our infrastructure and systems. Safe CEO @rahulrumalla speaks candidly… pic.twitter.com/fOYVOdF7ca
— Gareth Jenkinson (@gazza_jenks) November 6, 2025
This incident was a wake-up call for the crypto industry, given that many exchanges and companies rely on the infrastructure and services of players like Safe. Although Safe is a self-custodial wallet service, this incident proved that sophisticated social engineering and compromised physical hardware remain a threat to the industry as a whole.
Safe CEO Rahul Rumalla joined Cointelegraph’s Chain Reaction Live Show to reflect on the lessons and system changes necessitated by the Bybit incident and the ever-present and ever-changing threat posed by cybercriminals.
Self-custody is fragmented
Rumalla explained that a Safe developer workstation was compromised, giving hackers a point of entry from which to launch attacks that manipulated the website’s code.
Safe’s CEO said the situation was a “moment of reckoning” that forced the team to reorganize its security and infrastructure. It also drew attention to industry-standard practices that may not be completely suitable for their purpose.
“In fact, a lot of people are exposed to the concept of blind signing. They don’t really know what they’re signing, whether it’s a signature device or a hardware device. And it starts with education, it starts with awareness, it starts with standards,” Rumalla said.
“At the end of the day, the actual basic design in the self-custody world is to share responsibility for security. It’s piecemeal. And this is what we’ve started to redesign.”
Rumalla added that while Safe had come under intense scrutiny following the Bybit theft, the company’s core customers were cooperative and acutely aware of the core attack vector that led to the incident.
His team then began deconstructing the architectural layers that make up Safe’s security infrastructure.
“We’ve broken it down not just by transaction-level security, signer device-level security, infrastructure-level security, but also by standards and compliance and auditability. These all have to work together in some way,” Rumalla said.
The Evolving Hacker Threat
Lazarus Group hackers have become the most prolific threat to the cryptocurrency ecosystem in recent years. Major media outlets predict that North Korean hacker groups will steal more than $2 billion in cryptocurrencies by 2025.
Rumalla said the biggest challenge is the social engineering that hacker groups use to infiltrate major companies in the industry.
“These attackers are in Telegram channels. They’re in our introductory chats. They’re in DAO posts asking for grants. They’re applying for jobs as IT workers. They’re leveraging the human element.”
There was also a ray of hope for Rumalla and his team. Taking solace in the fact that there were no issues with the code and protocols, the CEO said they are working hard to balance security and ease of use.
“Our core protocol, Smart Accounts, has been thoroughly tested, which gives us the confidence to improve on the layers above.”
Rumalla added that self-custody technology has historically required a compromise between convenience and security. However, a shift in mindset is required to continually evolve products and services that allow people to self-custody their assets easily and securely.