Solana multisig provider conducting ‘comprehensive review’ after Safe exploit

“High value accounts” need purpose-built wallet solutions because sophisticated hackers can “potentially compromise any frontend,” Squads CEO told Blockworks

article-image

Artwork by Crystal Le

share


This is a segment from the Lightspeed newsletter. To read full editions, subscribe.


Yesterday, Bybit CEO Ben Zhou posted on X that the platform’s $1.4 billion hack had been caused by “malicious code originating from Safe{Wallet}’s infrastructure.” Solana CEOs had many words, including “nightmare season,” “holy hell,” and “holy shit.”

Preliminary reports indicate Safe’s frontend was exploited to trick Bybit into signing a malicious transaction, and Safe’s actual smart contracts appeared to perform as intended. Still, the foul language likely stemmed from the fact that wallets being exploitable gives hackers access to a whole lot of assets — Safe’s smart accounts secure over $100 billion in digital assets. 

In other words, hackers could go further than Bybit.

Squads, a multisig wallet used by a number of prominent Solana teams including Helium, Kamino, Pyth, Helius, Drift, Jupiter and Ellipsis, is “conducting a comprehensive review of our infrastructure to mitigate the possibility of such an attack,” CEO Stepan Simkin told me. 

Simkin emphasized that “high value accounts” need purpose-built wallet solutions because sophisticated hackers can “potentially compromise any frontend.”

The Bybit hackers — whom the FBI has now accused of being linked to North Korea — injected malicious code into Safe’s JavaScript files to alter Bybit’s multisig transactions and send the funds to the attacker’s address, according to a report from blockchain security firm Slowmist. While the crypto industry puts a lot of effort into auditing smart contracts, it focuses less than it should on “conventional infrastructure” — like leaked Amazon Web Services credentials, which was the culprit in this case, Simkin said. 

“JavaScript side hacks are the easiest to execute due to lack of audits,” Cube Exchange CEO Bartosz Lipinski said. “Solana is not immune to that.”

Lipinski said Cube chose multi-party computation over multi-signature for wallet security in part because it prevents “blind signing “ — which Bybit apparently did.

Simkin said Squads is working on a “decentralized frontend” that would allow users to interact with the protocol without having to rely much on its infrastructure.


Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template Presentation.jpg

Research

The Solana validator landscape has changed drastically over the past year. The chain now has 1,332 active validators with 380.9 million SOL staked (63.9% of supply) as of February 2025. Validator revenue had diversified beyond inflationary rewards (still making up 55%) to include Jito tips (30%), priority fees (24%), and base fees (<1%), in January, especially with the increased activity on Solana. Since then, issuance has become dominant again (76%), while Jito tips (14%), priority fees (9%), and base fees (less than 1%) have reduced in share of February 2025. There has been a strong shift towards non-inflationary revenue sources, which have become more central to validator economics as priority fees and off-chain blockspace auctions gain traction. Client diversity has also improved drastically, with implementations such as Agave, Jito-Solana, and Frankendancer already in use, and upcoming clients like Firedancer and Sig expected to further strengthen resilience and reduce reliance on a single codebase.

article-image

BWR analyst Carlos Gonzalez Campo explains the consequences of SOL inflation and transfers lost to “leaky buckets”

article-image

Empire co-host Santiago Santos makes the case that memecoins have actually helped push infra forward…just not in the way you think

article-image

A16z Crypto lists seven buckets for tokens and recommendations for how to regulate them, in a filing submitted to the SEC

article-image

New model aims to resolve trading inefficiencies with a single execution layer and market maker changes

article-image

Investors navigating BTC face short-term unpredictability, influence from other markets

article-image

The GENIUS Act aims to establish regulatory guidelines for stablecoins