- Safe{Wallet} swiftly overhauled security, resetting infrastructure and tightening access to prevent future breaches.
- Lazarus Group’s Bybit hack stole $1.4B, exposing crypto vulnerabilities and fueling North Korea’s military ambitions.
- Safe{Wallet} enhanced user protection by disabling hardware wallet signing and launching a tool for independent transaction verification.
On February 21, 2025, Bybit was the subject of a cyberattack that revealed flaws in cryptocurrency platforms. The attack was planned by the TraderTraitor group, which has ties to North Korea, and it has raised security worries in the sector. Consequently, Safe{Wallet} executed a full infrastructure reset to strengthen defenses and prevent future breaches.
Safe Implements Comprehensive Security Overhaul
Safe{Wallet} swiftly responded by rotating all credentials and resetting clusters. It updated builds and redeployed container images to eliminate potential security risks. Additionally, the company partnered with Blockaid to improve its malicious transaction detection systems. This collaboration introduced more advanced monitoring to block unauthorized transactions and protect user funds.
Besides enhancing monitoring, Safe{Wallet} boosted real-time threat detection across all system layers. This move improved visibility into security threats, reducing response times. Moreover, the platform limited external access to its Transaction Service and imposed stricter firewall rules. These actions aimed to minimize further risks while investigations continued.
Safe{Wallet} also took steps to safeguard users by temporarily disabling native hardware wallet signing. Hardware dependencies posed security risks, so WalletConnect remained the only access method. Furthermore, it cleared all pending transactions to eliminate human error and prevent compromised transactions during recovery. Additionally, Safe{Wallet} introduced “Safe Utils,” a third-party verification tool. This tool allows users to verify transaction hashes independently, ensuring transparency and security.
Lazarus Group’s Expanding Cybercrime Tactics
The North Korean-backed Lazarus Group's cyber heists target crypto exchanges and financial institutions. The Bybit attack alone resulted in a $1.4 billion loss, making it the group’s most important theft. Blockchain investigator ZachXBT linked this breach to an $85 million attack on Phemex and intrusions at BingX and Poloniex.
From 2017 until the present, Lazarus has embezzled about $6 billion to finance North Korea’s nuclear budget. Lazarus is run by the Reconnaissance General Bureau of North Korea, as per the US Treasury. Additionally, the FBI has connected the three main hackers, Park Jin Hyok, Jon Chang Hyok, and Kim Il, to these cybercrimes.
North Korea’s geopolitical strategies are in line with these attacks. Days before the Bybit hack, North Korea announced nuclear arsenal expansions. Consequently, the timing of these cyber heists suggests a coordinated effort to fund military objectives.