Solana multisig provider conducting ‘comprehensive review’ after Safe exploit

“High value accounts” need purpose-built wallet solutions because sophisticated hackers can “potentially compromise any frontend,” Squads CEO told Blockworks

article-image

Artwork by Crystal Le

share


This is a segment from the Lightspeed newsletter. To read full editions, subscribe.


Yesterday, Bybit CEO Ben Zhou posted on X that the platform’s $1.4 billion hack had been caused by “malicious code originating from Safe{Wallet}’s infrastructure.” Solana CEOs had many words, including “nightmare season,” “holy hell,” and “holy shit.”

Preliminary reports indicate Safe’s frontend was exploited to trick Bybit into signing a malicious transaction, and Safe’s actual smart contracts appeared to perform as intended. Still, the foul language likely stemmed from the fact that wallets being exploitable gives hackers access to a whole lot of assets — Safe’s smart accounts secure over $100 billion in digital assets. 

In other words, hackers could go further than Bybit.

Squads, a multisig wallet used by a number of prominent Solana teams including Helium, Kamino, Pyth, Helius, Drift, Jupiter and Ellipsis, is “conducting a comprehensive review of our infrastructure to mitigate the possibility of such an attack,” CEO Stepan Simkin told me. 

Simkin emphasized that “high value accounts” need purpose-built wallet solutions because sophisticated hackers can “potentially compromise any frontend.”

The Bybit hackers — whom the FBI has now accused of being linked to North Korea — injected malicious code into Safe’s JavaScript files to alter Bybit’s multisig transactions and send the funds to the attacker’s address, according to a report from blockchain security firm Slowmist. While the crypto industry puts a lot of effort into auditing smart contracts, it focuses less than it should on “conventional infrastructure” — like leaked Amazon Web Services credentials, which was the culprit in this case, Simkin said. 

“JavaScript side hacks are the easiest to execute due to lack of audits,” Cube Exchange CEO Bartosz Lipinski said. “Solana is not immune to that.”

Lipinski said Cube chose multi-party computation over multi-signature for wallet security in part because it prevents “blind signing “ — which Bybit apparently did.

Simkin said Squads is working on a “decentralized frontend” that would allow users to interact with the protocol without having to rely much on its infrastructure.


Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates.jpg

Research

Bluefin possibly stands at an inflection point. The token is near an all-time low yet the protocol’s spot volume market share and derivatives exchange usage have been increasing month over month since its November launch. Given its current market position and the upcoming upgrades (for both Bluefin and SUI), there may be upside potential before the increased supply growth in December. However, strong opposition from existing competitors (like Cetus and Suilend), as well as new entrants (like Aftermath), pose key challenges to Bluefin’s medium-term success.

article-image

Top Committee Democrat Sen. Elizabeth Warren in her opening statement accused Atkins of “helping billionaire CEOs like Sam Bankman-Fried”

article-image

Introducing garbled circuits for enhanced privacy and regulatory compliance

article-image

Ross Ulbricht was a freedom maximalist building freedom tech, powered by Bitcoin

article-image

Solana validators can reap benefits including payments, votes and community clout

article-image

Sponsored

WalletConnect is cementing itself as the essential connectivity layer, ensuring wallets remain the entry point for billions of users

article-image

According to a legal filing, Galaxy Digital helped boost the price of LUNA while quietly selling its tokens