In February, the cryptocurrency ecosystem was bracing for disaster. Hackers had stolen $1.5 billion worth of Ether from crypto exchange Bybit, the biggest theft the industry has ever seen.
Fears of a contagion-induced market collapse were eased by an industry-wide effort to close the gap at Bybit, and within hours the exchange regained control of the situation.
The post-mortem revealed that hackers intercepted Bybit's routine transfer of Ether (ETH) between wallets. The attackers, believed to be North Korea's Lazarus Group, compromised a SafeWallet developer's computer and injected malicious JavaScript into the user interface, causing Bybit's multisignature process to approve a malicious smart contract.
9 months ago, Bybit experienced its largest crypto heist ever when hackers stole roughly $1.5 billion in Ethereum (roughly 401,000 ETH) during a routine ETH transfer.
Since then, the @secure team has completely overhauled its infrastructure and systems. Safe CEO @rahulrumalla spoke openly about… pic.twitter.com/fOYVOdF7ca
— Gareth Jenkinson (@gazza_jenks) November 6, 2025
The incident was a wake-up call for the cryptocurrency industry, as many exchanges and companies depend on the infrastructure and services of players like Safe. Even though Safe is a self-custodial wallet service, the incident proved that sophisticated social engineering or compromised physical hardware continues to pose a threat to the entire industry.
Rahul Rumalla, CEO of Safe, joined Cointelegraph's Chain Reaction live show to reflect on the insights and systemic changes necessitated by the Bybit incident and the pervasive, ever-changing threats posed by cybercriminals.
Custody is fragmented
As Rumalla explained, a Safe developer workstation was compromised, giving hackers an entry point for an attack that could manipulate the website code.
Safe's CEO said the situation is “a moment of reckoning” that's forcing the team to reorganize its security and infrastructure. It also drew attention to common industry practices that are probably not fully fit for purpose.
“Loads of individuals are actually exposed to the concept of blind signing. You really don't know what you're signing, whether it's your signing device or your hardware devices. And that starts with education, that starts with awareness, that starts with standards,” Rumalla said.
“Ultimately, on the earth of self-governance, the very basic concept is to take shared responsibility for security. It's fragmented. And that's what we've begun to revamp the architecture with.”
Rumalla added that while Safe faced intense scrutiny in the wake of the Bybit theft, its key customers supported the company and were very aware of the principal attack vectors that led to the incident.
His team then set out to break down the architectural layers that make up Safe's security infrastructure.
“We broke it down by transaction-level security, signatory device-level security, infrastructure-level security, but in addition standards and compliance and auditability. They all must work together ultimately,” Rumalla said.
The growing threat of hackers
Lazarus Group hackers have been the largest threat to the cryptocurrency ecosystem in recent times. Mainstream media predicts that the North Korean hacking group will take in over $2 billion in stolen cryptocurrency in 2025.
Rumalla said the largest challenge is the social engineering that hacker groups use to infiltrate large firms in the industry.
“These attackers are on Telegram channels. They are in our company's introductory chats, they’re in your DAOs' grant postings. They are applying for IT jobs. They are exploiting the human element.”
There was also a silver lining for Rumalla and his team. The CEO took comfort in the fact that their code and protocol were not at fault, saying there was a serious effort to balance security and usability.
“The Smart Accounts, the core protocol, that has been extremely battle-tested, which really gave us the arrogance to enhance this at the degrees above as well.”
Rumalla added that self-governance technology previously involved a trade-off between convenience and security. However, a change in mindset is required to ensure the continued development of services that make it easy and secure for people to take control of their assets themselves.
