A forensic investigation into the breach revealed that attackers from the Lazarus Group accessed Safe Wallet’s systems by stealing a developer’s credentials, according to a Feb. 26 statement by Bybit. The crypto exchange emphasized its own platforms remained secure, with no evidence of compromise found by third-party auditors Verichains and Sygnia Labs.

A Bybit statement shared with Bitcoin.com News.

The attackers reportedly manipulated Safe Wallet’s multi-signature approval process to authorize malicious transactions. This was confirmed in a social media post issued by Safe Wallet. Bybit moved most assets from affected Safe Wallet addresses immediately after detecting the incident. The exchange confirmed user funds were not impacted.

Statement shared on X by Safe Wallet.

Independent reviews by Verichains and Sygnia Labs corroborated that Bybit’s infrastructure was not breached. Safe Wallet’s parent company separately acknowledged the intrusion was isolated to its environment. A full forensic report was published for public review.

Bybit said it is evaluating alternative custody solutions to bolster security. The exchange reiterated its commitment to upgrading protocols and collaborating with external experts to counter evolving threats.

CEO Ben Zhou stated the incident highlighted persistent risks in crypto but affirmed Bybit’s systems were unscathed. “We are taking proactive steps to reinforce security and ensure the highest level of protection for our users,” he said.

The breach highlights ongoing challenges in securing decentralized systems against sophisticated cyberattacks. Bybit, the second-largest crypto exchange by volume, serves over 60 million users globally.

In recent times, Safe has cemented its reputation through multi-signature architecture—a digital gatekeeping mechanism demanding consensus from several wallet validators to greenlight transactions, thereby amplifying protection against illicit intrusions. However, this is not the first time multi-signature has come under fire.

When Bitfinex was hacked in August 2016, discussions emerged regarding Bitgo’s multi-signature security used and if it had a role in the breach. The incident, which resulted in the loss of roughly 120,000 bitcoin (valued at around $72 million at the time), raised important queries about the efficacy of multi-signature (multisig) systems.

At the time Bitgo CEO and co-founder Mike Belshe, stressed that “Bitgo systems were not breached in this attack” and Bitgo’s “software functioned correctly.” The Bitgo boss also noted that the “Bitfinex configuration was unique.”

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。