- Safe Wallet admits hackers used its system but denies smart contract failure
- Crypto community blasts its response, calling it weak and unclear
- FBI confirms North Korea’s Lazarus Group stole 40,000 ETH from Bybit
- Authorities tracking stolen funds as laundering efforts continue
The $1.5 billion Bybit hack just took another twist. Safe Wallet, a widely used crypto custody service, has now confirmed that attackers exploited its system. However, the company insists its smart contracts were not the problem.
— Safe.eth (@safe) February 26, 2025
According to Safe Wallet, hackers gained access through a compromised developer machine, which let them execute a disguised transaction. While the company claims there were no vulnerabilities in its code, the breach was enough to steal a massive sum.
Since then, Safe Wallet has been working to restore services on the Ethereum mainnet. The team says they’ve rebuilt their infrastructure, changed all security credentials, and tightened up security. But despite these fixes, users are still being told to be extra careful when signing transactions.
The company is also launching a push for better transaction verification standards across the crypto industry. A full investigation report is expected soon.
Crypto Community Not Buying Safe Wallet’s Explanation
Not everyone is convinced by Safe Wallet’s response. Many in the crypto space say the company’s explanation is too vague and doesn’t address major security concerns.
I usually try not to criticize other industry players, but I still do it once in a while. 😂
This update from Safe is not that great. It uses vague language to brush over the issues. I have more questions than answers after reading it.
1. What does "compromising a Safe… https://t.co/VxywHyzqXb
— CZ 🔶 BNB (@cz_binance) February 26, 2025
Former Binance CEO Changpeng Zhao (CZ) was one of the first to call it out. He said the company’s statement left him with “more questions than answers.” His biggest concerns? How the hackers got in, why Ledger verification didn’t stop them, and why Bybit’s funds were targeted instead of others.
Security experts also believe this wasn’t a smart contract attack but rather a frontend breach. Hackers likely manipulated Safe Wallet’s user interface, tricking victims into signing bad transactions. One analyst called it a “classic supply chain attack” and warned that any service relying on user-facing apps could be at risk.
“The way big crypto firms handle security needs a serious upgrade,” one expert said.
FBI Confirms Lazarus Group Stole 40,000 ETH
To make matters worse, the FBI has now officially linked the attack to North Korea’s Lazarus Group. The cybercriminal organization stole 40,000 ETH from Bybit’s cold wallet and is already moving the funds through laundering networks.
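It looks like the truth is out: Safe was compromised after all. The smart contract part was indeed fine (easy to verify on-chain), but the front end was tampered with and forged to achieve the deception. As for why it was tampered with, we wait for Safe's official disclosure of the details…
Something like Safe counts as a kind of security infrastructure; in theory, everyone using this multisig wallet could be robbed the way Bybit was.
What is terrifying on reflection is that all the others with a front end, API… https://t.co/zZDAg3p7fz
— Cos(余弦)😶🌫️ (@evilcos) February 26, 2025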
The FBI released a warning, saying that the stolen crypto is being quickly converted into Bitcoin and spread across thousands of addresses. They believe the assets will eventually be cashed out.
Authorities have published a list of Ethereum addresses tied to the hackers and are urging exchanges, blockchain firms, and DeFi platforms to block transactions linked to them.
With billions at stake, Safe Wallet and Bybit are under massive pressure to respond. Users want answers, and the industry wants better security.