
KEY TAKEAWAYS
- Bybit lost $1.5B in a cold wallet hack, allegedly by Lazarus Group, exposing critical security flaws.
- Safe wallet’s UI vulnerability allowed hackers to steal funds, raising concerns about smart contract integration and platform transparency.
- Crypto users should prioritize security, use cold wallets, and choose platforms with strong audit records and clear incident response plans.
CONTENT
In February 2025, the crypto industry faced another major security crisis. Bybit, a leading crypto exchange, suffered a massive hacker attack, losing billions of dollars. This incident exposed serious security weaknesses in Bybit’s system and raised concerns about the overall security standards in the crypto industry. As the situation unfolded, another security issue came to light—Safe wallet also faced a critical vulnerability, sparking debates on crypto platform security and transparency.
BYBIT HACK: TRACKING THE STOLEN FUNDS
On February 22, blockchain investigator ZachXBT noticed unusual transactions from Bybit, estimating a loss of around 500,000 ETH (approximately $1.5 billion, assuming 1 ETH ≈ $3,000). The stolen funds were quickly moved through decentralized exchanges (DEXs) and converted into other assets like USDT and BTC. This suspicious activity caught the attention of security experts.
Soon after, SlowMist, a blockchain security firm, confirmed that the hacker group Lazarus Group, suspected to be from North Korea, was responsible for the attack. The hackers possibly exploited an internal system vulnerability or used phishing techniques to gain access to Bybit’s ETH cold wallet.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was masked, all the signers saw the masked UI which showed the correct address and the URL was from @safe. However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
On the same day, Bybit’s CEO confirmed that one of their ETH cold wallets had been compromised, with about 500,000 ETH stolen. The exchange immediately launched emergency measures. On February 23, blockchain security firm BeosinTrace reported that the hackers continued to launder the stolen assets through DEXs and crypto mixing services, making tracking more difficult. Bybit later introduced a bounty program, offering a $5 million reward for recovering the stolen funds.
However, the actual amount retrieved was minimal. This incident highlighted Bybit’s weak security in cold wallet management and emergency response.
FROM BYBIT TO SAFE: A CHAIN OF SECURITY FAILURES
Just as the Bybit hack was being investigated, another major security issue emerged—Safe wallet was also compromised. Safe was widely considered a highly secure decentralized wallet, but this attack raised doubts about its reliability.
On February 23, Safe’s official account confirmed a UI system vulnerability that allowed hackers to access multiple user wallets and steal funds. While the exact amount stolen was not officially disclosed, estimates suggest the losses were in the millions of dollars. Safe stated that the vulnerability was related to an issue between developer devices and the front-end interface, possibly caused by malicious script injections. However, the exact method of attack remained unclear. This incident led to a sharp drop in user trust towards Safe.
I usually try not to criticize other industry players, but I still do it once in a while. 😂
This update from Safe is not that great. It uses vague language to brush over the issues. I have more questions than answers after reading it.
1. What does “compromising a Safe… https://t.co/VxywHyzqXb
— CZ 🔶 BNB (@cz_binance) February 26, 2025
Adding to the problem, Safe’s initial report lacked details, failing to explain how the attack happened and the full extent of the damage. On February 25, CZ, the CEO of Binance, criticized Safe for its vague response, saying the report was “unclear and avoiding key issues.” He warned that lack of transparency could create more panic among users and damage trust in the industry.
TIMELINE OF EVENTS: THE UNFOLDING SECURITY CRISIS
To better understand how the events developed, here is a timeline of key incidents:
- February 22: Bybit reported a major hack, losing 500,000 ETH. Investigators suspected Lazarus Group was behind the attack.
- February 23: Safe confirmed a UI vulnerability, allowing hackers to access multiple wallets. Estimated losses were in the millions of dollars.
- February 24: Safe released an initial report admitting the vulnerability but did not provide specific details about the losses, leading to user dissatisfaction.
- February 25: CZ publicly criticized Safe’s report, saying it lacked transparency and failed to address key concerns.
- February 26: Safe released a second report, explaining that the issue was caused by a code flaw in the integration between smart contracts and the UI system. However, they still did not disclose the total amount of stolen funds.
These events showed that many crypto platforms still lack strong security measures and clear communication during crises.
SAFE WALLET: BACKGROUND AND SECURITY RISKS
Safe is a decentralized crypto wallet designed for multi-signature security and smart contract-based asset management. It allows users to securely store multi-chain assets (ETH, BNB, etc.) and conduct complex transactions. Multi-signature wallets require multiple approvals for transactions, making them theoretically resistant to single-point failures.
However, this recent UI vulnerability exposed weaknesses in the connection between the front-end system and back-end contracts. Hackers may have bypassed security protections by manipulating user interfaces or forging signatures.
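The gap described above, as an added example that is not from the original article or from Safe's code: a toy 2-of-3 wallet in which every signer approves whatever payload the interface hands over, next to the same flow with each signer recomputing the hash from the displayed fields first. HMAC-SHA256 stands in for real signatures, and the keys, addresses and field names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC-SHA256 stands in for the signers' real signatures.
SIGNER_KEYS = {"alice": b"key-a", "bob": b"key-b", "carol": b"key-c"}
THRESHOLD = 2  # 2-of-3 approval

# Constructed transactions: what the interface displays vs. what it submits for signing.
INTENDED = {"to": "0xWARM_WALLET", "value": 100, "data": ""}
TAMPERED = {"to": "0xOTHER_CONTRACT", "value": 0, "data": "0xabcdef"}

def tx_hash(tx):
    """Hash of the canonical transaction fields; this digest is what gets signed."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def sign(signer, digest):
    return hmac.new(SIGNER_KEYS[signer], digest.encode(), hashlib.sha256).hexdigest()

def wallet_accepts(tx, signatures):
    """Wallet-side rule: at least THRESHOLD valid signatures over tx's hash."""
    digest = tx_hash(tx)
    valid = {name for name, sig in signatures.items()
             if name in SIGNER_KEYS and hmac.compare_digest(sig, sign(name, digest))}
    return len(valid) >= THRESHOLD

def approve(signer, displayed, payload, independent_check):
    """Sign the payload from the interface. With independent_check, first recompute
    the hash from the displayed fields on a separate path and refuse on mismatch."""
    digest = tx_hash(payload)
    if independent_check and digest != tx_hash(displayed):
        return None
    return sign(signer, digest)

def collect(displayed, payload, independent_check):
    """Gather approvals from two of the three signers."""
    sigs = {}
    for signer in ("alice", "bob"):
        sig = approve(signer, displayed, payload, independent_check)
        if sig is not None:
            sigs[signer] = sig
    return sigs

if __name__ == "__main__":
    blind = collect(INTENDED, TAMPERED, independent_check=False)
    checked = collect(INTENDED, TAMPERED, independent_check=True)
    print("tampered tx accepted, blind signing:", wallet_accepts(TAMPERED, blind))
    print("tampered tx accepted, hash verified:", wallet_accepts(TAMPERED, checked))
```

The threshold rule holds in both runs; what changes the outcome is whether signers verify the digest against the transaction they meant to approve through a path the interface does not control.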
After the attack, Safe announced immediate fixes and began working with third-party security firms like SlowMist and PeckShield for a full security audit. They also promised to strengthen their internal security team and implement real-time monitoring systems. However, since they did not provide clear details such as hacked wallet addresses or exact recovery measures, user trust remained shaken.
THE FUTURE OF CRYPTO SECURITY
The Bybit and Safe security failures serve as a wake-up call for the crypto industry. No matter how advanced the technology is, vulnerabilities still exist, and hackers are always looking for weak spots.
For crypto platforms, security should not just be a slogan—it requires serious investment in professional audits, regular security reports, and full transparency when incidents occur. Platforms must be quick to communicate with users, rather than hiding critical information.
For crypto users, security should be a top priority when choosing a platform. Don’t just focus on high returns—pay attention to security track records, past audits, and platform transparency. Most importantly, don’t store all assets in one place. Use cold wallets, multi-signature protection, and diversified storage to reduce risks.
If the crypto industry wants to gain long-term trust, platforms must take security and transparency seriously, and users must stay informed and cautious. Only with combined efforts can we reduce risks and build a safer crypto space.
