When $1.5 billion worth of Ether vanished from Bybit in February, it sent shockwaves through the cryptocurrency industry. The hack, which became the largest crypto theft in history, exposed deep vulnerabilities across the digital asset ecosystem. Now, SafeWallet, the Ethereum smart account wallet platform whose infrastructure was involved in the breach, has rebuilt its systems from the ground up.

A Heist That Shook the Industry

The February attack was a turning point for the crypto world. During what appeared to be a routine transfer between Bybit’s wallets, hackers managed to intercept roughly 401,000 ETH. Investigators later traced the breach to a compromised SafeWallet developer workstation. Malicious JavaScript was injected into Safe’s user interface, tricking Bybit’s multisignature approval process into authorizing a fraudulent smart contract.

The attackers were believed to be part of the North Korean Lazarus Group, which has been linked to several large-scale crypto exploits. Despite the magnitude of the theft, Bybit managed to contain the fallout within hours, averting a wider market collapse. Still, the incident served as a sobering reminder of how fragile even well-secured digital systems can be when human or procedural errors are exploited.

A Moment of Reckoning for SafeWallet

For SafeWallet and its CEO Rahul Rumalla, the event was more than a crisis—it was a reckoning. Speaking at the Chain Reaction live show, Rumalla said the hack forced his team to rethink every layer of their infrastructure.

“This was a reckoning moment,” he said. “We had to reorganize our entire security model and question the standard practices across the industry. What we found was that self-custody, while empowering, also distributes responsibility in a fragmented way.”

Rumalla pointed out that many users engage in what he called “blind signing,” approving transactions without fully understanding what they authorize. That vulnerability, he said, stems from a lack of education and inconsistent standards across the crypto industry.

Building a Stronger, Smarter Architecture

In the months following the breach, SafeWallet underwent a full-scale rearchitecture of its systems. The team dissected its security layers—transaction-level protections, signer device integrity, infrastructure resilience, and compliance frameworks—to ensure they worked seamlessly together.

“We broke it down layer by layer,” Rumalla explained. “Transaction-level security, device-level security, infrastructure-level security, and finally, the standards and auditability that bind them all. Every piece had to align.”

He added that while the company faced scrutiny after the incident, its core clients remained supportive, understanding that the attack had not exploited Safe’s core smart contract code. This gave the team confidence to rebuild stronger without losing faith in their technology’s foundation.

The Growing Sophistication of Hackers

The Lazarus Group has become the most persistent menace in the cryptocurrency landscape. Analysts estimate the group could steal more than $2 billion worth of digital assets in 2025 alone. What makes such attackers dangerous, Rumalla noted, is their reliance on social engineering as much as technical skill.

“These attackers are everywhere,” he warned. “They’re in Telegram groups, DAO grant forums, and even applying for jobs in crypto companies. They exploit the human element—the weakest link in any security system.”

This evolving threat landscape has pushed companies like SafeWallet to invest not just in code-level protections but also in employee awareness, vetting, and operational discipline.

Balancing Security and Usability

Despite the challenges, Rumalla sees an opportunity to push the self-custody movement forward. He emphasized that Safe’s core protocol withstood the attack, proving its robustness. The weakness, he said, lay in the surrounding layers—interfaces, devices, and workflows.

“The smart accounts and core protocol were battle-tested,” he said. “That gave us confidence to enhance everything built on top of it.”

The CEO acknowledged that the industry has long grappled with the trade-off between convenience and security. However, he believes that mindset must change if crypto is to evolve sustainably. “It’s not about choosing one or the other anymore,” he said. “It’s about designing systems that make both possible—so that people can safely take control of their assets without fear.”

As the crypto world continues to expand, the Bybit-SafeWallet incident stands as a crucial reminder that even advanced technology is only as secure as the people and processes behind it. For SafeWallet, the lessons learned have sparked a reinvention that could set a new standard for digital asset security in the years ahead.