24/7 Cryptocurrency News

Safe Confirms Full Infrastructure Reset After February Bybit Hack

Safe resets infrastructure, enhances security, and partners with Mandiant to secure user funds after Bybit hack linked to North Korea.
Safe Confirms Full Infrastructure Reset After February Bybit Hack

Highlights

  • Safe undergoes a full infrastructure reset, rotating credentials and enhancing security after the February Bybit hack.
  • Collaborating with Mandiant, Safe uncovers North Korean-linked TraderTraitor group behind the Bybit cyberattack.
  • Safe strengthens security with real-time threat detection, hardware wallet restrictions, and third-party transaction verification.

Safe has confirmed a full infrastructure reset following the cyberattack on February 21, 2025, which compromised Bybit’s systems.

The attack, attributed to the TraderTraitor group linked to North Korea, has sparked serious concerns regarding the vulnerability of both centralized and decentralized crypto platforms. The recent cyberattack has prompted Safe{Wallet} to take urgent action to secure its infrastructure and prevent future breaches.

Advertisement

Safe Infrastructure Reset and Enhanced Security Measures

As part of its response to the Bybit hack, Safe has initiated a comprehensive security overhaul. The infrastructure reset includes rotating all credentials, resetting clusters, updating builds, and redeploying container images. These measures are designed to fortify Safe{Wallet}’s security and restore its services with more robust protections.

In addition to resetting infrastructure, Safe{Wallet} has worked to enhance its malicious transaction detection systems. The platform has partnered with Blockaid to improve monitoring systems, which now offer more advanced detection capabilities. This collaboration aims to prevent any further unauthorized transactions and protect users’ funds from future risks.

Safe{Wallet} has also increased real-time threat detection across all layers of its stack. By bolstering its monitoring systems, the platform aims to improve visibility into potential security threats and reduce response times. These steps are expected to increase the platform’s overall resilience against cyberattacks.

Advertisement

Collaboration with Mandiant and Ongoing Investigation

Post the Bybit hack, the Safe{Wallet} team has been working closely with Mandiant, a cybersecurity firm, to investigate the attack. Mandiant has been helping analyze the security breach and uncover how the attackers bypassed several security layers.

According to the latest findings, the attack was highly sophisticated and involved the hijacking of AWS session tokens, allowing the attackers to bypass multi-factor authentication controls.

Mandiant’s preliminary report confirms the involvement of the TraderTraitor group, which is known for its connection to North Korea’s hacking activities. This group has been linked to previous high-profile crypto heists. The investigation continues, with efforts focused on understanding the full scope of the attackers’ actions and identifying any remaining vulnerabilities within Safe{Wallet}’s infrastructure.

In addition to Mandiant’s findings, blockchain research firm Arkham has been tracking the activities of the attackers. On March 4, Arkham reported that the Lazarus group, associated with the North Korean regime, has successfully laundered the proceeds from the Bybit hack. The funds were transferred through various channels, including native Bitcoin transactions, and this laundering process has been closely monitored.

Advertisement

Actions Taken to Strengthen External Access and User Security

Following the Bybit hack, Safe{Wallet} implemented several measures to limit external access and enhance user security. The platform temporarily restricted external access to its Transaction Service and imposed stricter firewall rules on externally facing services. These measures are intended to prevent further attacks while the investigation continues.

Safe{Wallet} also temporarily disabled native hardware wallet signing due to the potential risks associated with hardware dependencies. While native hardware wallet support has been disabled, users can still access their wallets via WalletConnect. This action was taken to safeguard users while also investigating potential vulnerabilities in the hardware wallet ecosystem.

To further bolster security, Safe{Wallet} cleared all pending queued transactions from its databases. This precautionary step was taken to eliminate the possibility of human error and reduce the risk of any transactions being compromised during the recovery process. Additionally, the platform has introduced a third-party verification tool, “Safe Utils,” which enables users to independently verify transaction hashes.

Advertisement

Share
Kelvin Munene Murithi

Kelvin Munene is a crypto and finance journalist with over 5 years of experience, offering in-depth market analysis and expert commentary . With a Bachelor's degree in Journalism and Actuarial Science from Mount Kenya University, Kelvin is known for his meticulous research and strong writing skills, particularly in cryptocurrency, blockchain, and financial markets. His work has been featured across top industry publications such as Coingape, Cryptobasic, MetaNews, Cryptotimes, Coinedition, TheCoinrepublic, Cryptotale, and Analytics Insight among others, where he consistently provides timely updates and insightful content. Kelvin’s focus lies in uncovering emerging trends in the crypto space, delivering factual and data-driven analyses that help readers make informed decisions. His expertise extends across market cycles, technological innovations, and regulatory shifts that shape the crypto landscape. Beyond his professional achievements, Kelvin has a passion for chess, traveling, and exploring new adventures.

Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Recent Posts

  • 24/7 Cryptocurrency News

North Dakota To Issue ‘Roughrider’ Stablecoin Following Wyoming’s Footsteps

North Dakota is set to become the second U.S. state to issue a stablecoin, named…

October 8, 2025
  • 24/7 Cryptocurrency News

Ethena Labs and Jupiter Partner to Launch JupUSD Stablecoin on Solana

Ethena Labs reported that it has partnered with Jupiter Exchange to develop JupUSD. This is…

October 8, 2025
  • 24/7 Cryptocurrency News

BlackRock’s Bitcoin ETF Leads ETFs With $3.5B Weekly Inflows as It Eyes $100B in AUM

BlackRock’s Bitcoin ETF, the iShares Bitcoin Trust (IBIT), has become the most bought exchange-traded fund…

October 8, 2025
  • 24/7 Cryptocurrency News

MetaMask Launches Hyperliquid Perpetuals In-App, Plans To Integrate Polymarket

MetaMask has officially introduced perpetuals trading on its platform, powered by Hyperliquid. Meanwhile, the crypto…

October 8, 2025
  • 24/7 Cryptocurrency News

XRP Treasury Holdings Hits $11.5B as Nasdaq-Listed Reliance Global Adds $17M in Fresh Buy

XRP holdings in corporate treasuries have now surpassed $11.5 billion in value. This follows news…

October 8, 2025
  • 24/7 Cryptocurrency News

FOMC Minutes, Jerome Powell Speech: Will Bitcoin Recover or Retrace Further?

Bitcoin and altcoins falter ahead of the FOMC Minutes release and Jerome Powell speech due…

October 8, 2025