In the grand theater of crypto chaos, February 2025 stole the show with a colossal $1.5 billion Ethereum heist hitting Bybit.
That was the largest theft the industry had ever faced. Like a bad sci-fi flick, villainous hackers, likely North Korea’s infamous Lazarus Group turned a SafeWallet developer’s machine into a Trojan horse.
Stay ahead in the crypto world – follow us on X for the latest updates, insights, and trends!🚀
The result? Bybit’s multisignature process, trustingly blind, approved a malicious smart contract.
Reckoning moment
This debacle haunted the crypto world, especially Safe, the Ethereum smart wallet provider that found itself squarely in the hacker’s crosshairs.
Safe’s CEO Rahul Rumalla calls it a “reckoning moment,” the kind that forces a team to rip apart their systems and rebuild smarter, sturdier, and, frankly, more paranoid.
SafeWallet is self-custodial, meaning users hold their own keys, supposedly the fortress of crypto freedom.
But as Rumalla explained on Cointelegraph’s Chain Reaction show, social engineering and compromised devices can break even the best defenses.
Blind signing, a fancy term for clicking approve without knowing what you’re signing is a nasty trap many fall into. Education and standards need to catch up fast.
Crypto-security Avengers
This attack turned up a glaring industry truth, self-custody security is fragmented, like a jigsaw puzzle with some missing pieces.
SafeWallet’s response? A top-to-bottom re-architecture splitting security into transaction-level safeguards, signer device protections, infrastructure hardening, and a rigorous embrace of standards and audits.
“They all have to work together,” Rumalla stressed, like some crypto-security Avengers assembling.
The shadowy Lazarus Group sleeps lightly on the global stage, having already snagged over $2 billion in stolen crypto this year.
Their secret weapon? Human trickery. Rumalla paints a dystopian scene of hackers lurking in Telegram chats, slipping into company meetings, soaking up insider vibes, and even applying for IT gigs, social engineering on steroids.
Security vs. convenience
But here’s the silver lining, experts think the attack wasn’t on Safe’s core smart contracts, as they’re battle-hardened and resilient.
The problem hit higher layers, prompting a renewed focus on balancing bulletproof security with user-friendly convenience.
Self-custody has always been a high-wire act between ease and safety. Rumalla’s call signals a shift, a crusade to build products empowering people to hold their crypto keys without taking unnecessary risks.
So, in a world where digital wallets are prime hacker targets, SafeWallet’s overhaul is a lesson in humility, vigilance, and the brutal truth that in crypto, the war is never over, it just changes fronts.
Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.
Cryptocurrency and Web3 expert, founder of Kriptoworld
LinkedIn | X (Twitter) | More articles
With years of experience covering the blockchain space, András delivers insightful reporting on DeFi, tokenization, altcoins, and crypto regulations shaping the digital economy.
📅 Published: November 8, 2025 • 🕓 Last updated: November 8, 2025
✉️ Contact: [email protected]
