Safe Wallet has implemented urgent security improvements to its multi-signature (multi-sig) solution after a major cyberattack on the Dubai-based exchange Bybit. The security breach, which occurred on February 21, was traced back to vulnerabilities in Safe Wallet’s UI, leading to the theft of over $1.4 billion in Ether (ETH) by North Korea’s Lazarus Group.
Safe’s Response and Security Overhaul
In response to the attack, Safe Wallet placed its UI in lockdown mode and initiated a phased security rollout with infrastructure enhancements. Co-founder Martin Koeppelmann confirmed on March 3 that the Safe team had developed and deployed ten key UI updates to address the security loopholes. Changes included displaying full raw transaction data on the UI and removing direct hardware wallet support that previously raised security concerns.
Bybit, meanwhile, closed the $1.4 billion gap and introduced a bounty program to track down the bad actors behind the breach.
Exploiting a UI Weakness
The attack targeted Bybit’s Ethereum wallet by injecting malicious JavaScript code into Safe’s interface. Bybit CEO Ben Zhou revealed during a podcast discussion that the hack occurred shortly after he signed a transaction transferring 13,000 ETH. Zhou used a Ledger hardware wallet but was unable to fully verify transaction details—a vulnerability known as “blind signing” in multi-sig crypto transactions.
Safe’s latest updates aim to mitigate such risks by improving transaction visibility for signers, ensuring they have detailed verification data before authorizing transfers.
Industry-Wide Security Collaboration
Following the attack, Kyber Network CEO Victor Tran called for industry-wide efforts to enhance crypto security. While supporting this initiative, Koeppelmann emphasized that Safe’s immediate focus remains on damage control. He acknowledged that long-term solutions would require collaboration across multiple crypto projects and security firms to strengthen frontend and transaction verification security.
“We are still in the ‘putting out fire’ mode – but once we have that behind us, we need to come together and improve overall frontend and tx verification security,” Koeppelmann stated.
As the crypto industry grapples with growing security threats, Safe Wallet’s swift response highlights the need for continuous improvement in wallet security and transaction verification protocols.
