The crypto world was shaken last week as Bybit suffered a staggering $1.4 billion hack—now being called the largest crypto theft in history. However, multiple independent audits have revealed that Bybit was not the point of failure. Instead, the breach originated from a critical security vulnerability within Safe, a widely trusted crypto wallet provider.
How the Attack Happened
According to cybersecurity firms Verichains and Sygnia Labs, North Korean hackers infiltrated Safe’s online infrastructure—hosted on Amazon Web Services (AWS)—by injecting malicious JavaScript code. While the exact method of infiltration remains unknown, the attack was meticulously planned to bypass detection.
To avoid triggering alarms, the malicious code was designed to remain dormant until it interacted with Bybit’s contract address. Two days after the infiltration, Bybit unknowingly engaged with Safe’s compromised infrastructure, activating the attack. Within moments, the hackers siphoned $1.4 billion worth of Ethereum and related tokens from Bybit’s wallets.
A Disappearing Act
In an almost cinematic twist, just two minutes after the hack, the attackers erased their traces by updating Safe’s infrastructure and removing the malicious code. This stealthy maneuver left investigators scrambling for leads, as the hackers vanished without a trace.
What This Means for the Crypto Industry
This breach raises serious concerns about third-party security risks, even for well-established platforms like Bybit. The attack highlights the growing sophistication of state-backed cybercriminal groups, particularly those linked to North Korea, which has a long history of targeting crypto platforms to fund its regime.
For exchanges, wallets, and DeFi platforms, this serves as a critical wake-up call: even “impenetrable” solutions can be compromised. Moving forward, companies must re-evaluate their security strategies, conduct rigorous independent audits, and enforce real-time monitoring to prevent similar exploits.
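Because the malicious JavaScript was removed two minutes after the theft, a one-off check of the served code afterwards would see nothing wrong; monitoring has to record what was served over time. The Node.js code below is an added example, not code from Safe, Bybit or the cited firms: it compares timestamped snapshots of a served script against a pinned SHA-384 digest and reports every window of deviation, including ones that were later reverted. The asset contents, timestamps and function names are constructed for illustration.

```javascript
// Added example: constructed data, hypothetical names; not code from the article.
const crypto = require('node:crypto');

// SRI-style digest (sha384, base64) of an asset body.
function sriDigest(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body).digest('base64');
}

// Walk timestamped observations of one served asset and return every
// contiguous window in which its digest differed from the pinned one,
// including windows that were later reverted to the known-good build.
function findTamperWindows(pinnedDigest, observations) {
  const windows = [];
  let open = null;
  const sorted = [...observations].sort((a, b) => a.time - b.time);
  for (const obs of sorted) {
    const digest = sriDigest(obs.body);
    if (digest === pinnedDigest) {
      if (open) {                       // content went back to the baseline
        windows.push({ ...open, revertedAt: obs.time });
        open = null;
      }
    } else if (open && open.digest === digest) {
      open.lastSeen = obs.time;         // same unexpected content, still live
    } else {
      if (open) windows.push({ ...open, revertedAt: null });
      open = { digest, firstSeen: obs.time, lastSeen: obs.time };
    }
  }
  if (open) windows.push({ ...open, revertedAt: null }); // still deviating
  return windows;
}

// Constructed sample: polls every 60 s; the asset deviates for two polls.
const GOOD = 'console.log("wallet-ui build 1.0");';
const ODD = GOOD + ' /* constructed: content not in the release */';
const SAMPLE = [
  { time: 0, body: GOOD }, { time: 60, body: GOOD },
  { time: 120, body: ODD }, { time: 180, body: ODD },
  { time: 240, body: GOOD },
];

function demo() {
  return findTamperWindows(sriDigest(GOOD), SAMPLE);
}

console.log(demo());
```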
Source: Decrypt