Safe{Wallet} Statement on Targeted Attack on Bybit
Safe{Wallet} has confirmed that the recent attack on Bybit was executed by North Korea's Lazarus Group, which compromised a Safe{Wallet} developer's machine to propose a disguised malicious transaction to a Bybit-operated account. Forensic investigators found no vulnerabilities in Safe's smart contracts or frontend source code, with the issue stemming solely from the compromised developer credentials. The team has fully rebuilt infrastructure, rotated all credentials, and restored Safe{Wallet} services on the Ethereum mainnet with additional security measures implemented. In response to the incident, Safe has committed to spearheading an industry-wide initiative focused on improving transaction verifiability, which it describes as an ecosystem-wide challenge.