$1.4B Bybit hack raises questions over Safe’s transaction security

The Bybit exchange was hacked for some $1.4 billion in ether this morning, marking the largest exploit in crypto history. 

Research platform Arkham claims onchain sleuth ZachXBT submitted definitive proof linking the hack to North Korea-linked Lazarus Group. One further piece of evidence indicates the attack may have been years in the making.

The hacker transferred some 400,000 ETH out of Bybit’s cold wallet and subsequently split it into dozens of other wallets. Bybit’s CEO Ben Zhou pointed to an exploit in the user interface (UI) of the company’s multisignature wallet, provided by Safe — a wallet provider used by a variety of large organizations in the Ethereum world.

“It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL,” Zhou said. “Musked” refers to the transaction payload being obfuscated or spoofed. 

According to crypto security firm Groom Lake, a Safe multisig wallet was deployed on Ethereum in 2019 and on the Base layer-2 in 2024 with identical transaction hashes. Ethereum’s alphanumeric transaction hashes are 64 characters long, so deploying the same smart contract transaction hash twice should be mathematically impossible.

The same transaction hash appearing on both Ethereum and Base indicates an attacker could have found a way to make a single transaction valid on more than one network or could be reusing crypto wallet signatures or transaction data across networks, pseudonymous Groom Lake researcher Apollo said.

However, the Safe team does not think there is a link to the current exploit.

“The transaction in question is the transaction deploying the singleton contract,” a Safe spokesperson told Blockworks. “It was deployed without EIP-155 to support easy cross-chain deployments. Replaying the singleton creation doesn’t pose any security risk.”

EIP-155 (Ethereum Improvement Proposal 155) was introduced in 2016 as a security measure to prevent transaction replay attacks across different chains. Before EIP-155, if a transaction was signed on one Ethereum-based network — e.g. Ethereum mainnet — it could be replayed on another Ethereum-compatible chain because the signature remained valid.

EIP-155 solved this by adding a chain ID to signed transactions, ensuring that a transaction intended for Ethereum cannot be valid on another chain like Base. This means that even if a private key is compromised, an attacker cannot reuse old signed transactions across different chains.

Alternatively, the hack could have resulted not from a flaw in Safe’s smart contracts or from a replay attack, but from UI manipulation or a wallet-infrastructure compromise, where signers unknowingly authorized contract modifications.

That would put it in the same class as the Radiant exploit of December 2023 and the March 2024 WazirX breach.

The main Safe user interface is currently offline as a precaution.

“We remain confident there’s no exploit in the official Safe {Wallet} frontend but if you need to transact, you can still manage your Safe using these alternative interfaces,” the Safe team wrote on X.

If Safe’s assessment is correct, this reduces the likelihood of a systemic vulnerability in Safe’s smart contracts.

“If it was, it won’t be Bybit,” the spokesperson added, implying that there are far larger Safe targets to go after. Safe collectively secures over $100 billion in digital assets across more than seven million smart accounts.

However, it still suggests a security risk in how Safe transactions are reviewed and approved, especially by large institutions using multisigs.

Multisig signers should verify transaction payloads at the raw data level, not just the UI display.

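What "verifying at the raw data level" looks like in practice, as an added Python example that is not code from the article, from Safe or from Bybit: decode the argument block of a Safe `execTransaction` call straight from the calldata and compare the fields the contract will actually execute with what the wallet UI showed the signer. The example assumes the argument order of Safe's `execTransaction` ABI (`to, value, data, operation, safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, signatures`); the 4-byte function selector is a constructed placeholder that is skipped rather than verified, and all addresses and payloads are constructed sample values.

```python
"""Added example (not from the article or from Safe): decode the raw
calldata of a Safe execTransaction call and diff it against what the UI
displayed, so a signer does not rely on the front end alone."""
from typing import List

ZERO_ADDRESS = "0x" + "00" * 20
# Constructed stand-in for the 4-byte function selector; not the real value.
PLACEHOLDER_SELECTOR = b"\x00\x00\x00\x00"
# Safe's operation enum: 0 = CALL, 1 = DELEGATECALL.
CALL, DELEGATECALL = 0, 1


def decode_exec_transaction(calldata: bytes) -> dict:
    """ABI-decode the execTransaction argument block (assumed field order).
    Static words are read by index; `bytes` fields are read via their offset."""
    body = calldata[4:]  # skip the selector (not validated in this example)

    def word(i: int) -> bytes:
        return body[32 * i: 32 * i + 32]

    def uint(i: int) -> int:
        return int.from_bytes(word(i), "big")

    def addr(i: int) -> str:
        return "0x" + word(i)[12:].hex()  # address = low 20 bytes of the word

    def dyn_bytes(i: int) -> bytes:
        off = uint(i)  # offset from the start of the argument block
        length = int.from_bytes(body[off: off + 32], "big")
        return body[off + 32: off + 32 + length]

    return {
        "to": addr(0), "value": uint(1), "data": dyn_bytes(2), "operation": uint(3),
        "safeTxGas": uint(4), "baseGas": uint(5), "gasPrice": uint(6),
        "gasToken": addr(7), "refundReceiver": addr(8), "signatures": dyn_bytes(9),
    }


def encode_exec_transaction(to: str, value: int, data: bytes, operation: int,
                            safe_tx_gas: int = 0, base_gas: int = 0, gas_price: int = 0,
                            gas_token: str = ZERO_ADDRESS, refund_receiver: str = ZERO_ADDRESS,
                            signatures: bytes = b"") -> bytes:
    """ABI-encode sample calldata so the decoder can be exercised offline."""
    def w_int(x: int) -> bytes:
        return x.to_bytes(32, "big")

    def w_addr(a: str) -> bytes:
        return bytes(12) + bytes.fromhex(a[2:])

    def w_bytes(b: bytes) -> bytes:  # length word, payload, zero padding to 32
        return w_int(len(b)) + b + bytes((32 - len(b) % 32) % 32)

    head_len = 10 * 32  # ten head words; dynamic data follows them
    data_enc, sig_enc = w_bytes(data), w_bytes(signatures)
    head = [w_addr(to), w_int(value), w_int(head_len), w_int(operation),
            w_int(safe_tx_gas), w_int(base_gas), w_int(gas_price),
            w_addr(gas_token), w_addr(refund_receiver), w_int(head_len + len(data_enc))]
    return PLACEHOLDER_SELECTOR + b"".join(head) + data_enc + sig_enc


def review_against_ui(calldata: bytes, ui_to: str, ui_value: int) -> List[str]:
    """Return every way the raw payload disagrees with, or goes beyond, what
    the UI presented as a simple transfer. An empty list means the raw data
    matches the displayed recipient and amount and carries no extra action."""
    tx = decode_exec_transaction(calldata)
    findings = []
    if tx["to"].lower() != ui_to.lower():
        findings.append(f"recipient {tx['to']} differs from UI {ui_to}")
    if tx["value"] != ui_value:
        findings.append(f"value {tx['value']} differs from UI {ui_value}")
    if tx["operation"] == DELEGATECALL:
        findings.append("operation is DELEGATECALL (1), which runs code in the Safe's own context")
    if tx["data"]:
        findings.append(f"payload carries {len(tx['data'])} bytes of calldata; UI showed a plain transfer")
    return findings


if __name__ == "__main__":
    shown_to, shown_value = "0x" + "aa" * 20, 10**18  # what the UI displayed (constructed)
    honest = encode_exec_transaction(shown_to, shown_value, b"", CALL)
    tampered = encode_exec_transaction(shown_to, 0, bytes.fromhex("deadbeef"), DELEGATECALL)
    print("honest  :", review_against_ui(honest, shown_to, shown_value) or "matches UI")
    print("tampered:", review_against_ui(tampered, shown_to, shown_value))
```

The tampered sample keeps the recipient the UI showed, so a signer who only checks the displayed address sees nothing wrong; the raw decode is what surfaces the changed operation type and the extra calldata. In a real review the decoded fields should also be compared against the EIP-712 Safe transaction hash presented on the hardware wallet, which this example does not compute.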
Meanwhile, every security eye in the industry is going to be on the attackers’ wallet trail. For the moment, the person or group responsible is the fourteenth largest ETH holder in the world.

Updated Friday, February 21 at 3:40 pm ET: Added Arkham’s claim that Lazarus Group was behind the hack.
