Safe is tackling security concerns in response to the massive $1.5 billion Bybit hack.
As Bybit deals with the fallout of a massive $1.5 billion Ethereum breach, Safe has officially announced its security stance to address concerns.
On February 21, 2025, a routine wallet transfer at Bybit triggered an unprecedented security breach.
The exploiters tampered with the transaction process and siphoned 401,000 ETH to an anonymous wallet, setting a new record for the largest crypto theft.
After conducting an in-depth forensic probe, investigators identified the Lazarus Group, a North Korean state-affiliated hacking entity, as the prime suspect in the attack.
The attackers gained unauthorized access by exploiting the stolen credentials of a Safe developer.
In response to the breach, Safe{Wallet} shared a statement on the social media site X.
“Forensic findings confirm targeted attack on Bybit by Lazarus. Safe smart contracts unaffected; an attack was conducted by compromising a Safe developer’s credentials.”
Safe{Wallet} affirmed that the attack did not affect its essential components, like smart contracts and front-end services, which remain protected.
Safe{Wallet} clarified that credential theft from an external source, not a weakness in its own systems, caused the breach.
However, Binance founder and ex-CEO CZ has pushed back against the report, arguing that it lacks thoroughness and leaves many aspects of the incident unclear. He specifically criticized the ambiguous phrase “compromising a Safe developer machine.”
Moreover, he sought clarification on how the hackers gained access to the machine, questioning whether a virus, social engineering, or another exploit caused the breach.
CZ expressed concerns about the connection between a developer machine and an exchange account. He asked whether the developer had deployed code directly into production from the machine.
Additionally, he questioned how the hackers bypassed ledger verification across multiple signers, and speculated whether the signers had failed to verify correctly or had signed without reviewing the details.
Lastly, the Binance founder asked whether the $1.4 billion wallet was the biggest address managed via Safe and why the hackers had ignored other wallets, and also inquired about the key lessons that “self-custody, multi-sig” wallet providers and users should learn from this event.
Meanwhile, Ben Zhou, the CEO of Bybit, reassured customers that their assets remain safe, confirming that the exchange maintains full 1:1 backing. He also launched a bounty program against Lazarus Group, aiming to disrupt their network.
Despite the significant loss, Bybit secured loans to cover the deficit and is collaborating with blockchain forensic experts to trace and recover the stolen funds.
