In February, the cryptocurrency industry faced one of its darkest moments when hackers stole $1.5 billion worth of Ether from Bybit, marking the largest theft in crypto history.
Panic over potential contagion and market collapse was quickly contained as the broader crypto community rallied to help stabilize Bybit. Within hours, the exchange managed to regain control and secure its remaining assets.
A post-incident analysis revealed that the breach occurred during routine Ether transfers between Bybit wallets. The attackers — believed to be linked to North Korea’s Lazarus Group — had compromised a SafeWallet developer’s machine, injecting malicious JavaScript into the user interface. This exploit deceived Bybit’s multisignature approval process, leading it to authorize a malicious smart contract.
The event served as a wake-up call for the entire crypto ecosystem. Despite Safe being a self-custodial wallet provider, the attack highlighted that even trusted infrastructure can be undermined through social engineering and hardware compromise, posing systemic risks across the industry.
Reflecting on the breach, Safe CEO Rahul Rumalla appeared on the Chain Reaction live show to discuss the lessons learned and the architectural overhauls undertaken in response. He emphasized the need for continuous vigilance and innovation in defending against evolving cyber threats targeting the digital asset space.
Self-Custody Faces Fragmentation Challenges
According to Rumalla, the breach stemmed from a compromised developer workstation, which gave hackers a foothold to tamper with Safe’s website code and execute the attack.
The Safe CEO described the incident as a “reckoning moment” that compelled the team to completely overhaul its security architecture and operational framework. The event also exposed flaws in industry-standard security practices, which he said are not always fit for purpose in today’s threat landscape.
“Many users still engage in what we call blind signing — they approve transactions without truly knowing what they’re authorizing,” Rumalla explained. “That’s where education, awareness, and better standards must begin.”
“Ultimately, in the world of self-custody, the actual fundamental design of this is shared responsibility of security. It’s fragmented. And this is what we started re-architecting.”
Rumalla noted that although Safe faced intense scrutiny following the Bybit hack, its core clients remained supportive, recognizing the specific attack vectors that had enabled the breach.
In response, his team began deconstructing Safe’s entire security framework, examining each layer in detail.
“We broke it down into transaction-level security, signer device-level security, infrastructure-level security — and beyond that, standards, compliance, and auditability. All of these components have to operate in harmony,” Rumalla explained.
The evolving threat landscape
The Lazarus Group continues to represent one of the most formidable threats to the cryptocurrency sector. Analysts predict the North Korean-linked hackers could steal over $2 billion in crypto assets in 2025 alone.
Rumalla emphasized that the greatest vulnerability now lies not just in code, but in social engineering tactics—sophisticated psychological strategies that hackers use to manipulate individuals and gain access to critical systems within major crypto firms.
“These attackers are in Telegram channels. They’re in our company intro chats, they’re in your DAO’s posting for grants. They’re applying for jobs as IT workers. They take advantage of the human element.”
Despite the challenges, Rumalla said the incident offered a silver lining for Safe. Knowing that the breach didn’t stem from flaws in its core code or protocol gave the team confidence to rebuild stronger.
“The smart accounts and core protocol were battle-tested — that gave us the conviction to strengthen everything built on top,” Rumalla said.
He acknowledged that self-custody solutions have long required trade-offs between usability and security, but emphasized that the industry needs a mindset shift.
“We have to keep evolving so users can manage their assets securely without sacrificing simplicity,” Rumalla added, underscoring Safe’s renewed focus on designing tools that make secure self-custody both intuitive and resilient.
