SPECIAL OFFER: Get up to $70 of Bitcoin with your purchase of select Ledger wallets.

Shop now
Blog Enterprise

Enterprise | 03/27/2025

Learning From The Bybit/Safe Attack

Blog Enterprise

Last month, cryptocurrency exchange Bybit lost approximately $1.4 billion in digital assets through one of the most sophisticated attacks we’ve seen. This wasn’t a direct breach of Bybit’s systems but rather a supply chain attack targeting Safe.Global—the multi-signature wallet platform they trusted for cold storage management.

The attackers (North Korea’s Lazarus Group) executed a three-phase operation (based on the latest forensics reports from Mandiant and Verichain):

  1. February 18: Two malicious smart contracts were deployed on Ethereum, containing hidden backdoor functions.
  2. February 19: Safe.Global’s frontend delivery system (AWS S3/CloudFront) was compromised. Attackers injected malicious JavaScript designed to specifically target Bybit’s cold wallet addresses.
  3. February 21: When Bybit’s signers used the compromised interface for a routine transaction, the malicious code silently modified it to upgrade their safe contract to point to the attacker’s contract. Once approved, the attackers drained over 401,000 ETH along with various staked tokens.

The attack methodology mirrors recent high-profile hacks, such as those against WazirX, Radiant Capital, and DMM Bitcoin.

In these incidents, funds were stolen directly from the organizations’ multisig wallets, but crucially, the private keys themselves were not compromised.

The malicious code was sophisticated:

  • It selectively activated only for Bybit’s specific wallet addresses
  • It modified transactions in real-time but displayed original values to signers
  • It implemented anti-detection mechanisms like automatic page reloads
  • They reverted the backdoor 2 minutes after draining the funds

Most importantly, the attack targeted the interface used to sign transactions. The signers unwittingly approved the malicious transaction because they trusted what they saw on their screens.

 The Lessons The Industry Must Learn From The Bybit Hack

All enterprise-grade self-custody solutions on the market rely on non-secured intent/approval verification. Using front-end, mobile native application (or web view) to verify any information that will be passed on to the signer. It is important that those solutions implement security measures (like passkey), but this will never mitigate the risk of getting the front-end machines compromised and displaying data that don’t match the signed data (even with a strong WebAuthn setup). This is the critical vector of attack that was exploited during the Safe attack.

The lessons are clear and start with Clear Sign on any transaction requests, or change in the governance engine.

All companies using custody solutions should consider the following when setting up their custody solution: 

  1. Use Enterprise-grade custody Solution: Rely solely on enterprise-grade custody solutions that offer a strong governance (policies) framework with multi-approval, clear signing, whitelisting, threshold, KYT (Know Your Transaction), insurance, and integrated compliance. 
  2. Trust no interface: Even the most secure multi-signature setup is vulnerable if the signing interface is compromised. Just as TEEs struggle to ensure confidentiality and integrity in shared environments, web interfaces like Safe.Global can be compromised despite security guarantees. Hardware security devices that independently display and verify transaction details are essential.
  3. Critical keys should not be held by Users: One of the flaws of Multi-sig relies on the fact that Users directly hold keys that will sign the transaction. With Ledger Enterprise set up, critical keys are only held in the HSM Secure Element, and Operators with Ledger Stax only act as approvers (with a Trusted Display and Secured Channel).
  4. Implement Defense in Depth: Relying on a single interface created a single point of failure. True security requires multiple independent verification layers. 
  5. Mitigate Supply Chain Risks: Your security is only as strong as your weakest dependency. All third-party tools should be carefully evaluated with contingency plans for potential compromises.

The Path to More Secure Enterprise-Grade Crypto Custody

As cryptocurrency holdings grow larger, attackers are becoming increasingly resourceful. Cybersecurity never provides a single silver bullet solution, but rather a carefully orchestrated symphony of multiple protective layers—technical controls and solutions, human practices, organizational policies, and continuous vigilance—working in concert to create a resilient defense against constantly evolving threats.

Organizations managing significant digital assets can consider the following points.

Technical Controls:

  • Deploy Hardware Security Modules (HSMs) for secure key storage and governance enforcement
  • Implement hardware-enforced Trusted Display systems for transaction requests and governance verification (Clear Signing) independent of web interfaces
  • Establish clear governance frameworks with mandatory quorums (multi-approval) for critical operations and use whitelisting across the whole wallet architecture. Having this part running in a Secure Enclave gives more certainty to the user on what will be passed on to the signer
  • Deploy anomaly detection systems to identify suspicious patterns
  • Design segmented environments assuming component compromise

The Human Element:

  • Implement regular security awareness training focused on attack recognition
  • Establish strict separation of duties for transaction approvals
  • Apply least privilege principles to limit potential insider threats
  • Create user experiences that highlight inconsistencies in transaction details
  • Security above frictionless UX: Foster a culture where security verification is valued over convenience

Ledger’s choice, and how it would have mitigated Safe’s attack:

At Ledger we chose the highest level of security standard in the industry by implementing governance at HSM’s level, using a secure channel directly between HSM and each Personal Security Devices (Ledger Stax) for persistent trusted display of any operations.

We use a combination of:

  • Secure Foundation with FIPS 140-2 L3 certified Hardware Security Modules (HSM) with proprietary firmware from our security bedrock, handling all cryptographic secrets and enforcing governance rules. These HSMs operate as the definitive source of truth for all critical operations. Ledger’s HSM firmware code cannot be tampered with, especially as it requires a signed quorum to authorize modification of code. 
  • Trusted Personal Security Devices (Ledger Stax): Each authorized operator and administrator is equipped with dedicated endorsed personal security devices (Ledger Stax) that serve as tamper-resistant verification points outside the potentially compromised environment. All transaction requests or changes in governance are Clear Signed by every Operator and Administrator ensuring that what is approved is what is being handled by the HSM critical part.
  • Secure Communication Channel: A fully encrypted, mutually authenticated channel between the HSMs and Personal Security Devices ensures that transaction details and approval requests remain accurate and unaltered. This channel operates independently of our web infrastructure, guaranteeing that what appears on the Stax display is exactly what the HSM will execute, regardless of front-end or back-end manipulation.
  • Strong Governance Framework implemented directly at the HSM level (running on Secure Enclave) that requires a quorum for every change or request. This critical part ensures that signing will only be released when approvals from endorsed, designated Ledger Stax are collected by the HSM signer.
  • Security-centered UX design that helps detect potential inconsistencies in what is being approved. UX is at the center of our solution, in addition to hardware and software security, UX can prevent a lot of human-centered attacks by making reviews easier.
  • Transaction intent HSM parsing: Any transaction intent, or governance rule updates are crafted on a secured server. Moreover, the entire flow from intent to signature crafting is done within the Secure Element of the HSM, ensuring that even if the intent was tampered with, it can show the right information to the User.
  • Independent Recovery: Clients can conduct an independent recovery without the help of Ledger in case the system fails. Giving full control to the client over its funds. Ledger will never be a blocker for accessing funds for a client.

Ledger’s approach is predicated on the fact that anything happening outside of HSM and Secure Elements can be tampered with. With Ledger Enterprise, a similar attack would not be possible, and here’s why. 

In a typical setup, the cold wallet would have a whitelist governance rule enforced at the HSM level. When a transaction request is initiated (transactions are only crafted on the secured server side), it would first undergo verification by at least one Operator using a Ledger Stax, leveraging Clear Signing. 

This process ensures that the details displayed on the Ledger Stax remain tamper-proof, even if the front-end or back-end interface is compromised.

Subsequently, the transaction request would proceed through the designated approval workflow, involving additional Operators. The HSM will only authorize the signing of the transaction after receiving the required approvals from all designated Ledger Stax devices. Notably, the transaction details are parsed within the Secure Element of the HSM.

In contrast, custody solutions that do not incorporate distributed hardware with Trusted Display and Clear Signing are susceptible to UI compromises. Attackers could exploit this vulnerability to mislead users into approving malicious actions, such as unauthorized modifications to governance rules.

However, with Ledger’s architecture, the HSM and Ledger Stax devices operate through a mutually authenticated, secure channel. Consequently, once the transaction intent reaches the HSM, the HSM securely parses the intent within its Secure Element and accurately displays the untampered information on all Ledger Stax devices.

After The Bybit Hack, The Industry Must Change

At Ledger, we’ve long advocated for hardware-based security solutions that operate independently of potentially compromised software environments. As we detailed in our recent TEE analysis, “In the realm of cryptocurrency wallet security, the stakes are exceptionally high: there is no margin for error.” 

Our approach prioritizes “dedicated, non-shared and programmable hardware for all critical operations” rather than relying on complex processor architectures or cloud-based TEEs that can introduce vulnerabilities.

The sophistication of the Bybit incident highlighted why this approach isn’t just best practice—it’s becoming an absolute necessity. Like the BadRAM attack showed with TEEs, even technologies promising strong security guarantees can be undermined when their underlying components or interfaces are compromised.

Ledger has a unique position today to offer secured distributed hardware, with a trusted display to any company looking for a self-custody solution. If the industry wants to avoid those attacks, they should implement this distributed hardware solution, which only Ledger can provide today.

If you want to learn more and discuss how Ledger Enterprise can improve your business security contact us here.


Philippe Hébrard
Head of Product – Ledger Enterprise

More articles

Enterprise | 10/18/2023

Unlocking Institutional Opportunities: Navigating the World of As...

Read more

Stay in touch

Announcements can be found in our blog. Press contact:
media@ledger.com

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.