Safe Confirms Full Infrastructure Reset Following Bybit Hack

Safe has confirmed a full infrastructure reset following the cyberattack on February 21, 2025, which compromised Bybit's systems.

A full infrastructure reset has been confirmed by Safe following the recent cyberattack on Bybit on February 21, 2025. The attack, which was attributed to the TraderTraitor group, which has ties to North Korea, has sparked serious concerns regarding the vulnerability of both centralized and decentralized crypto platforms.

Recently, Bybit fell victim to a significant cyberattack that resulted in the theft of a large sum of cryptocurrency from user accounts. The incident is being investigated by cybersecurity firm Mandiant, which has confirmed the involvement of the TraderTraitor group.

The crypto platform has been the subject of a recent cyberattack, which is now being investigated.

The incident, which occurred on February 21, 2025, saw the TraderTraitor group, which is known for its links to North Korea, successfully siphon funds from Bybit’s system.

The attack, which is still under investigation, is believed to have been carried out in a sophisticated manner, with the attackers able to hijack AWS session tokens. This maneuver allowed them to bypass multi-factor authentication controls, granting them illicit access to Bybit’s system.

The attack on Bybit is the latest in a series of high-profile cyberattacks on cryptocurrency platforms in recent months. In December 2024, Axie Infinity was the target of a major hack that saw over $97 million in cryptocurrency stolen.

As part of its response to the Bybit hack, Safe has announced the initiation of a comprehensive security overhaul. The structure of this effort will include the rotation of all credentials, resetting of clusters, updating of builds, and redeployment of container images. These measures are designed to fortify Safe's security and restore its services with more robust protections.

In addition to resetting infrastructure, Safe has also undertaken steps to enhance its malicious transaction detection systems. The platform has partnered with Blockaid to improve monitoring systems, which will now offer more advanced detection capabilities. This collaboration aims to prevent any transactions that could be used to harm others and protect users' funds from future risks.

Safe has also announced an increase in real-time threat detection across all layers of its stack. By bolstering its monitoring systems, the platform aims to improve visibility into potential security threats and reduce response times. These steps are expected to increase the platform's overall resilience against cyberattacks.

Following the Bybit hack, the team at Safe has been working closely with cybersecurity firm Mandiant to investigate the attack.

The scope of the recent Bybit hack is substantial, with reports indicating that the Lazarus group, a North Korean hacking group, is still laundering the stolen cryptocurrency. According to blockchain research firm Arkham, the group has now fully laundered the funds.

As part of its efforts to strengthen external access and enhance user security, Safe has implemented several measures. The platform has temporarily limited external access to its Transaction Service and introduced stricter firewall rules on externally facing services.

In a related development, Safe has announced the temporary disablement of native hardware wallet signing. This decision was taken due to the potential risks associated with hardware dependencies, which are currently being investigated. While native hardware wallet support has been disabled, users can still access their wallets via WalletConnect.

To further bolster security, Safe has cleared all pending queued transactions from its databases. This precautionary step is being taken to eliminate the possibility of human error and reduce the risk of any transactions being compromised during the recovery process.

Furthermore, Safe is introducing a third-party verification tool, known as "Safe Utils," which will allow users to independently verify transaction hashes. This move is designed to provide an additional layer of transparency and accountability in transaction processing.