North Korean Hacker Group's Attack on Top Coin Circle Infrastructure Safe: How Important Is Security in Crypto? In this translation, I aimed to maintain the original meaning while ensuring the terminology related to finance and blockchain was accurately
The next hacker-themed movie may be inspired by the recent $1.5 billion Bybit and Safe hack. The hacker's technique was near-perfect, and so far, no traces have been found.
After a week of multi-party investigations, updates have been provided by Safe's team, Bybit's team, and the security company. Blockbeats has summarized the investigation results in the most concise language, revealing the first-hand situation:
1. Code is fine: Safe's front-end code is open source, with no issues at the code level. It was Safe's server security that was compromised.
2. Inside job: Specifically, the code deployed in the production environment was not consistent with what was shown in the open-source repository. This means that at some point, someone replaced or inserted malicious code during the deployment process.
3. Unknown insider: Not all developers have the permission to deploy production code. The individual capable of conducting such a deep operation must have a high level of trust. This insider could be a long-trusted developer or a team member with sufficient permissions. The attacker concealed their tracks for a considerable period. Safe has examined the transaction history, found no anomalies, and has not identified the insider. The community and users are requested to assist in the investigation.
In addition, Safe has not mentioned any plans for compensation but has discussed some follow-up upgrade plans. They also remind everyone to stay rational and to not trust those who are marketing so-called "advanced multisig," "semi-custodial," "MPC," and similar products leveraging this hack event, as these products may instead expand the attack surface.
Indeed, this is not the first theft involving Safe's multisig. The technique used this time is very similar to the October incident involving Radiant Capital. During the Radiant Capital hack, the hacker infected the core developer's device and implanted malicious software, causing the developer to mistakenly believe they were signing a legitimate transaction when, in reality, a malicious transaction was being executed in the background.
Safe's Impact on the Crypto Space
Why is this event so attention-grabbing? The reason is that Safe is the most popular multisig wallet in the Ethereum ecosystem.
When Safe was launched last year, the top 100 airdrop addresses were mainly project teams, institutions, and large holders. This means that Safe's security can impact a significant part of the crypto space.
As shown in the image, well-known names include Metamask, PleasrDao, AAVE, 1inch, Lido, and more.

During this cycle, traditional finance, traditional institutions, family funds, and old money have accelerated their entry. However, due to the high entry barrier of crypto, many people have chosen a relatively safer way to protect their funds while engaging in on-chain activities, which is through a multi-signature wallet like Safe.
For example, the most representative is former President Trump's DeFi team.

According to Safe's guardians speaking to Doozer BlockBeats, the simplest way to determine if an on-chain address is a Safe wallet address is through two methods: first is the "MultiSig" displayed on ARKHAM, and second is the "MultiSig: Safe" directly displayed below the address on the debank page. As seen in the image above, former President Trump's DeFi project World Liberity Fi indeed uses a multi-signature wallet.
This means that any security vulnerability within Safe could potentially trigger a huge chain reaction and butterfly effect.
Even Top Coin Security Infrastructure Can Encounter Issues
The Safe project is basically a blue-chip project in the Ethereum ecosystem, with its incubation team being Gnosis.
Gnosis Chain, which was a well-known Ethereum sidechain in the previous cycle, focuses on efficient and secure decentralized application development. According to DefiLlama data, as of the time of writing this article, Gnosis Chain's total value locked (TVL) is $200 million, with a peak of $350 million.

In fact, the story of the Gnosis ecosystem and incubator can be traced back to 2015.
Compared to the now well-known Polymarket, Gnosis co-founder Martin Koeppelmann began researching decentralized prediction markets much earlier. In 2015, he posted his thoughts on the combination of MarketMaker and OrderBook on his forum, which was one of the earliest concepts of a decentralized prediction market in the industry.
Martin Koeppelmann is also one of the earliest Ethereum developers, having joined before TheDAO era and being based in Berlin, he had close interactions with Vitalik, who had an office in Berlin at the time.

Over the years, he has been actively involved in many discussions in the Ethereum development community, often engaging with Vitalik on topics such as L2, ZK, and the Ethereum roadmap. Martin's integration into the community can also be seen from his social media presence.
Based on this technical expertise, Gnosis has gradually developed a complete ecosystem. Evolving from Gnosis Protocol to CowSwap, Martin and his team have further expanded to create products such as Gnosis Chain, Safe, and Gnosis Pay.
Has the Bear Market Signal Been Triggered?
The extensive impact of this Safe security incident has indeed caused a significant amount of panic and pessimism in the crypto community. According to Alternative.me data, today's cryptocurrency fear and greed index has dropped to 10, hitting a new low since July 2022, with the market remaining in extreme fear.
Many community members are now questioning whether multi-signature is merely a "fig leaf" decoration.?
Simultaneously, many industry practitioners are expressing reflection and concerns about the industry: "If multi-signature wallets are not secure, then who will take this industry seriously and trust it? Has the crypto industry turned into a hacker haven?"
A historical perspective shows that the end of each crypto bull market is often accompanied by major security and trust crises.
For example, the early Mt.Gox event led to a large amount of crypto assets being stolen, becoming one of the most famous hacking incidents in crypto industry history; the end of the last bull market started with a trust crisis stemming from FTX's run on the bank and Terra's collapse, severely affecting investor confidence in the entire industry.
So, what will mark the end of this bull market? Pessimistically, the Safe security incident is very likely to be one of the "signals" marking the end of this bull run.
You may also like
Circle CEO responds to OUSD's challenge: Stablecoins are a winner-takes-all business, and we will not slow down
Argentina vs Cape Verde: When a Record-Breaking Legend Meets an Unbreakable Underdog
WEEX exclusive pre-match analysis of Argentina vs Cape Verde, exploring Messi-led Argentina’s dominance and Cape Verde’s historic defensive breakout, with a breakdown of volatility, structure, and match dynamics.
How does Gate redo "buying and selling stocks" from the cryptocurrency world to the stock market?
Former ByteDance employee's account: How I started with two Pinduoduo hard drives and made six times the profit with Seagate to achieve financial freedom?
Visa and Mastercard join 140 giants to launch a new stablecoin, but the impact on the market landscape may still be limited
WEEX Launches Depth Chart for Spot Trading
MiCA reshuffle begins, Binance temporarily bids farewell to the EU
Raising interest rates to protect STRC and selling coins to maintain credit, this time the strategy has chosen the two most expensive paths
Morning Report | Samsung announces a 265.5 trillion won investment plan, focusing on semiconductor and AI computing power data centers; Vitalik publishes an article detailing the entire technology tree behind the confusion protocol (iO) mainline
In the era of AI, what is left of Bitcoin?
NeoSoul announced plans to integrate with the OKX Agentic Wallet, promoting AI agents' participation in the on-chain economy
Why Is Bitcoin Lagging Stocks in 2026? AI Stocks, ETF Outflows, and the Nasdaq Rally Explained
What you bought on CEX is really not US stocks: Analyzing the 94% liquidation monopoly and the evaporation of equity under a five-layer pipeline
In such a crowded cross-border payment arena, where is the next stop for the future?
Why Is Bitcoin Down in 2026? What We Can Learn From 2022
The large models in the United States are moving towards closure in the name of security
From the white-haired stock god to the billionaire fund mogul, the smart people shorting Nvidia are all getting rich using the same framework
Morning Report | CoinEx becomes a key hub for Iran to evade sanctions, involving over $3.8 billion in funds; Kalshi seeks a new round of financing, with a valuation potentially rising to $40 billion
Circle CEO responds to OUSD's challenge: Stablecoins are a winner-takes-all business, and we will not slow down
Argentina vs Cape Verde: When a Record-Breaking Legend Meets an Unbreakable Underdog
WEEX exclusive pre-match analysis of Argentina vs Cape Verde, exploring Messi-led Argentina’s dominance and Cape Verde’s historic defensive breakout, with a breakdown of volatility, structure, and match dynamics.

