In February, the cryptocurrency ecosystem was teetering on the brink of disaster. Hackers have stolen $1.5 billion of Ether from crypto exchange Bybit, the largest theft the industry has ever seen.
Fears of a contagion-induced market collapse were allayed by an industry-wide effort to plug the Bybit gap, and within hours the stock market had regained control of the situation.
The autopsy revealed that Bybit’s routine transfer of Ether (ETH) between wallets was intercepted by the hackers. The attackers, believed to be North Korea’s Lazarus Group, compromised the SafeWallet development engine, injecting malicious JavaScript into the user interface, which tricked Bybit’s multisignature process into approving the malicious smart contract.
9 months ago, Bybit suffered the biggest crypto heist ever, as hackers stole ~$1.5 billion in Ethereum (~401,000 ETH) during a routine ETH transfer.
Since then the team @safe has completely rebuilt its infrastructure and systems. Safe CEO @rahulrumalla spoke honestly about… pic.twitter.com/fOYVOdF7ca
— Gareth Jenkinson (@gazza_jenks) November 6, 2025
The incident was a wake-up call for the cryptocurrency industry, given that many exchanges and companies rely on the infrastructure and services of players like Safe. Although Safe is a self-service wallet service, the incident showed that sophisticated social engineering or compromised physical hardware still pose a threat to the entire industry.
Safe CEO Rahul Rumalla joined Cointelegraph’s Chain Reaction live show to reflect on the learnings and systemic changes necessitated by the Bybit incident and the ever-present, ever-changing threat posed by cybercriminals.
Related: SafeWallet publishes post-mortem report on Bybit hack
Self-care is fragmented
As Rumalla explained, a Safe developer’s workstation was compromised, which set up an entry point for hackers to launch an attack that could manipulate the website’s code.
Safe’s CEO said the situation “was a moment of reckoning” that forced the team to reorganize its security and infrastructure. He also drew attention to industry standard practices that may not be entirely fit for purpose.
“A lot of people are actually bought into the concept of blind signing. You really don’t know what you’re signing, whether it’s a signing device or hardware devices. And that starts with education, that starts with awareness, that starts with standards,” Rumalla said.
“Ultimately, in the world of self-defense, the real core design of this is shared responsibility for security. That’s fragmented. And that’s what we’ve started to re-engineer.”
Rumalla added that while Safe faced significant scrutiny after the Bybit theft, its core clients supported it and were aware of the attack vectors that led to the incident.
Related: Timeline: How Bybit’s Lost Ethereum Went Through North Korea’s Washing Machine
His team then set to work breaking down the layers of architecture that make up Safe’s security infrastructure.
“We’ve broken it down into transaction-level security, signer-device-level security, infrastructure-level security, but also standards and compliance and auditability. They all have to work together in some way,” Rumalla said.
The evolving threat from hackers
Lazarus group hackers have been the most prolific threat to the cryptocurrency ecosystem in recent years. Mainstream media forecasts a North Korean hacker group in 2025 seized more than $2 billion in stolen cryptocurrency.
Rumalla said the biggest challenge is the social engineering aspect that hacker groups use to infiltrate large companies in the industry.
“These attackers are in Telegram channels. They’re in our company’s introductory chats, they’re in your DAO’s grant posting. They’re applying for IT worker jobs. They’re exploiting the human element.”
This also provided a silver lining for Rumalla and his team. Taking solace in the fact that their code and protocol were not flawed, the CEO said that serious efforts are being made to strike a balance between security and usability.
“Smart accounts, the underlying protocol, that’s been tested in super battles, that’s really given us the confidence to take this to the layers above.”
Rumalla added that self-defense technology has historically involved a trade-off between convenience and security. However, a change in mindset is needed to ensure the constant evolution of products and services that make it easier and safer for people to take self-control over their assets.
Magazine: North Korean crypto hackers tapped ChatGPT, Malaysia’s money taken off the road: Asia Express
About the Author
