In February, the cryptocurrency ecosystem stood on the precipice of calamity. Hackers stole $1.5 billion of Ether from crypto alternate Bybit, the biggest theft the {industry} had ever seen.
Fears of a contagion-driven market collapse had been alleviated by an industry-wide effort to plug the hole at Bybit, and inside hours, the alternate regained management of the state of affairs.
The autopsy revealed that Bybit’s routine switch of Ether (ETH) between wallets had been captured by hackers. The attackers, believed to be North Korean Lazarus Group, compromised a SafeWallet developer machine, injecting malicious JavaScript into the consumer interface, which tricked Bybit’s multisignature course of into approving a malicious sensible contract.
9 months in the past, Bybit suffered the largest-ever crypto heist, as hackers stole ~$1.5 billion in Ethereum (~401,000 ETH) throughout a routine ETH switch.
Since then, the staff @protected has fully overhauled its infrastructure and methods. Protected CEO @rahulrumalla spoke candidly about… pic.twitter.com/fOYVOdF7ca
— Gareth Jenkinson (@gazza_jenks) November 6, 2025
The incident was a wake-up name for the cryptocurrency {industry}, provided that many exchanges and firms depend on the infrastructure and providers of gamers like Protected. Though Protected is a self-custodial pockets service, the incident proved that refined social engineering or compromised bodily {hardware} stays a risk to the complete {industry}.
Protected CEO Rahul Rumalla joined Cointelegraph’s Chain Response reside present to mirror on the learnings and systemic adjustments necessitated by the Bybit incident and the ever-present, ever-changing threats from cybercriminals.
Associated: SafeWallet releases Bybit hack autopsy report
Self-custody is fragmented
As Rumalla defined, a Protected developer workstation had been compromised, which set an entry level for hackers to stage an assault that might manipulate the web site code.
The Protected CEO mentioned that the state of affairs “was a reckoning second” that pressured the staff to reorganize its safety and infrastructure. It additionally drew consideration to industry-standard practices that might not be solely appropriate for the aim.
“Lots of people truly are subjected to the idea of blind signing. You actually don’t know what you’re signing, be it your signing machine or your {hardware} units. And that begins with training, that begins with consciousness, that begins with requirements,” Rumalla mentioned.
“In the end, on the earth of self-custody, the precise elementary design of that is shared duty of safety. It’s fragmented. And that is what we began re-architecting.”
Rumalla added that whereas Protected had confronted vital scrutiny within the wake of the Bybit theft, its core purchasers had been supportive and keenly conscious of the core assault vectors that led to the incident.
Associated: Timeline: How Bybit’s misplaced Ethereum went via North Korea’s washer
His staff then set to work breaking down the layers of structure that make up Protected’s safety infrastructure.
“We broke it down by transaction degree safety, signer machine degree safety, infrastructure degree safety, but in addition requirements and compliance, and auditability. All of them must work collectively not directly,” Rumalla mentioned.
The evolving risk from hackers
Lazarus Group hackers have been essentially the most prolific risk to the cryptocurrency ecosystem in recent times. Mainstream media forecasts the North Korean hacking group to bag over $2 billion in stolen cryptocurrency in 2025.
Rumalla mentioned that the most important problem is the facet of social engineering that hacking teams are utilizing to infiltrate main corporations within the {industry}.
“These attackers are in Telegram channels. They’re in our firm intro chats, they’re in your DAO’s posting for grants. They’re making use of for jobs as IT staff. They reap the benefits of the human ingredient.”
This additionally supplied a silver lining for Rumalla and his staff. Taking solace from the truth that their code and protocol weren’t at fault, the CEO mentioned there’s an earnest effort to stability safety and value.
“The sensible accounts, the core protocol, that was tremendous battle examined, which actually gave us the boldness to raise this on the layers above as nicely.”
Rumalla added that self-custody expertise traditionally concerned a compromise between comfort and safety. Nevertheless, a mindset change is required to make sure steady evolution in services and products that make it straightforward and safe for individuals to take self-custodial management of their property.
Journal: North Korea crypto hackers faucet ChatGPT, Malaysia street cash siphoned: Asia Specific
