Nine months after the $1.5 billion ETH theft from Bybit, the largest crypto hack in history, SafeWallet’s restructuring is total. Rahul Rumalla, CEO of Safe, called the incident a “reckoning moment” that forced the company to fundamentally rethink its security. Despite the initial panic, Rumalla highlighted that Safe’s core protocol and smart accounts “were super battle-tested” and were not compromised.
Attack Details and Industry Implications
The attack, attributed to North Korea’s Lazarus Group, originated by compromising a SafeWallet developer’s workstation, injecting malicious code into the user interface. This tricked Bybit’s multisig process, exploiting the “blind signing” vulnerability. Rumalla explained that this incident exposed how self-custody security is “fragmented” and is a “shared responsibility,” an industry standard that must change.
SafeWallet's Multi-Layered Security Overhaul
As a result, SafeWallet is “re-architecting” its system, addressing security on multiple layers: transaction level, signing device level, and infrastructure, in addition to standards and compliance. Rumalla warned that the biggest future threat is social engineering and that the industry must focus on balancing security with usability without compromising self-custody.