Safe CEO says Bybit hack exposed decentralized self-custody security


In February, the cryptocurrency ecosystem stood on the precipice of disaster. Hackers had stolen $1.5 billion of Ether from crypto exchange Bybit, the largest theft the industry has ever seen.
Fears of a contagion-driven market crash were eased by an industry-wide effort to plug the Bybit gap, and within hours the exchange regained control of the situation.
A post-mortem revealed that a regular transfer of Bybit's Ether (ETH) between wallets was hijacked by hackers. The attackers, believed to be North Korea’s Lazarus Group, compromised a Safewallet developer’s machine and injected malicious JavaScript into the user interface, tricking Bybit’s multisignature process into approving a malicious smart contract.
9 months ago, Bybit suffered the largest-ever crypto heist, as hackers stole ~$1.5 billion in Ethereum (~401,000 ETH) in a regular ETH transfer.
Since then, the team @safe has completely overhauled its infrastructure and systems. Safe CEO @rahulrumalla Well spoken…
– Gareth Jenkinson (@gazza_jenks) November 6, 2025
The incident was a wake-up call for the cryptocurrency industry, given that many exchanges and companies rely on the infrastructure and services of players such as Safe. Although Safe is a self-custody wallet service, the incident proved that sophisticated social engineering or compromised physical hardware remains a threat to the entire industry.
Safe CEO Rahul Rumalla joined Cointelegraph’s live Chain Reaction show to reflect on the lessons learned and the systemic changes necessitated by the Bybit incident and the ongoing, evolving threats from cybercriminals.
Self-custody is fragmented
As Rumalla explained, a Safe developer’s workstation was compromised, giving hackers an entry point to mount an attack that could manipulate the website’s code.
The Safe CEO said the situation “was a moment of reckoning” that forced the team to reorganize its security and infrastructure. It also drew attention to industry-standard practices that may not be entirely fit for purpose.
“A lot of people have really come under the concept of blind signing. You don’t really know what you’re signing, whether it’s your signing device or your hardware devices. And it starts with education, which starts with awareness, which starts with standards,” said Rumalla.
“Ultimately, in the world of self-custody, the actual core design of it is shared security responsibility. It’s scattered. And this is what we’re starting to re-architect.”
Rumalla added that while Safe faced significant scrutiny following the Bybit theft, its core clients were supportive and keenly aware of the key attack vectors that led to the incident.
His team then set to work breaking down the architectural layers that make up Safe’s security infrastructure.
“We break it down by transaction-level security, device-level security, infrastructure-level security, but also standards and compliance, and auditing. They all have to work together in some way,” Rumalla said.
The emerging threat from hackers
Lazarus Group hackers have been the most practical threat to the cryptocurrency ecosystem in recent years. Mainstream media estimates put the North Korean hacking group's haul at more than $2 billion in stolen cryptocurrency by 2025.
Rumalla said the biggest challenge is the social engineering that hacking groups use to infiltrate major companies in the industry.
“These attackers are in Telegram channels. They are in our company intro chats, they are posting in your DAO for grants. They are applying for jobs as workers. They are exploiting the human element.”
The incident also provided a silver lining for Rumalla and his team. Taking solace from the fact that their code and protocol are infallible, the CEO said there is an earnest effort to balance security and usability.
“The smart accounts, the core protocol, that’s been so battle tested, that’s really given us the confidence to elevate it to the layers above as well.”
Rumalla added that self-custody technology has historically involved a compromise between convenience and security. However, a change in mindset is required to ensure continued evolution in products and services that make it easy and safe for people to take self-custody of their assets.



