Bybit stated its infrastructure was unaffected in the $1.4 billion security incident involving compromised developer machine credentials at Safe Wallet, which enabled unauthorized transactions.
Third-Party Audits Clear Bybit in Safe Wallet Breach by Lazarus Group
This article was published more than a year ago. Some information may no longer be current.
WRITTEN BY
SHARE
Bybit Confirms Systems Secure After Safe Wallet Attack
A forensic investigation into the breach revealed that attackers from the Lazarus Group accessed Safe Wallet’s systems by stealing a developer’s credentials, according to a Feb. 26 statement by Bybit. The crypto exchange emphasized its own platforms remained secure, with no evidence of compromise found by third-party auditors Verichains and Sygnia Labs.
The attackers reportedly manipulated Safe Wallet’s multi-signature approval process to authorize malicious transactions. This was confirmed in a social media post issued by Safe Wallet. Bybit moved most assets from affected Safe Wallet addresses immediately after detecting the incident. The exchange confirmed user funds were not impacted.
Independent reviews by Verichains and Sygnia Labs corroborated that Bybit’s infrastructure was not breached. Safe Wallet’s parent company separately acknowledged the intrusion was isolated to its environment. A full forensic report was published for public review.
Bybit said it is evaluating alternative custody solutions to bolster security. The exchange reiterated its commitment to upgrading protocols and collaborating with external experts to counter evolving threats.
CEO Ben Zhou stated the incident highlighted persistent risks in crypto but affirmed Bybit’s systems were unscathed. “We are taking proactive steps to reinforce security and ensure the highest level of protection for our users,” he said.
The breach highlights ongoing challenges in securing decentralized systems against sophisticated cyberattacks. Bybit, the second-largest crypto exchange by volume, serves over 60 million users globally.
In recent times, Safe has cemented its reputation through multi-signature architecture—a digital gatekeeping mechanism demanding consensus from several wallet validators to greenlight transactions, thereby amplifying protection against illicit intrusions. However, this is not the first time multi-signature has come under fire.
When Bitfinex was hacked in August 2016, discussions emerged regarding Bitgo’s multi-signature security used and if it had a role in the breach. The incident, which resulted in the loss of roughly 120,000 bitcoin (valued at around $72 million at the time), raised important queries about the efficacy of multi-signature (multisig) systems.
At the time Bitgo CEO and co-founder Mike Belshe, stressed that “Bitgo systems were not breached in this attack” and Bitgo’s “software functioned correctly.” The Bitgo boss also noted that the “Bitfinex configuration was unique.”
