
Gnosis Safe: The Hack That Should Have Never Been Possible

· 6 min read
Max Kaido
Architect


🚨 Gnosis Safe: The Hack That Should Have Never Been Possible 🚨

I almost missed the biggest crypto hack in history. No, really.

This morning, Bybit was running as smoothly as ever. No downtime. No chaos. But my phone was buzzing like crazy:

  • Bitcoin went below $90K.
  • Bitcoin went above $90K.
  • Bitcoin went below $90K again.
  • "How about 100x leverage on Bitcoin futures?"

It was funny at first—until I looked into what was happening. Bybit had just been hacked for $1.5 billion.

The Most Avoidable Hack in History

Let’s be clear: This wasn’t a sophisticated blockchain exploit. It wasn’t a flaw in smart contracts. It wasn’t even an issue with Bybit itself.

This hack was a complete humiliation for the industry because it exposed the single dumbest security failure imaginable:

🔥 It does not matter what your blockchain and smart contract do if your interface lets hackers do whatever they want while showing something completely different. 🔥

At this point, your "security system" might as well be a Magic 8-ball, a fortune cookie, or a hamster spinning a wheel with "approve transaction" written on it. At least the hamster would hesitate.

That’s exactly what Safe did. They let North Korean hackers replace their UI with a fraudulent front-end, tricking people into signing transactions that looked normal—but actually sent money straight to the attackers.

This wasn’t just negligence—it was reckless self-sabotage.

They Could Have Just Done Nothing

What makes this hack even more infuriating? It didn’t have to happen.

If Gnosis Safe had just sat still and done NOTHING, this hack wouldn’t exist.

Instead, they spent years pretending to improve things, rebranding from "Gnosis Safe" to just "Safe," burning money, and somehow managed to introduce a security hole so wide you could drive a truck through it.

They were not improving crypto security. They were not making DeFi safer. They were not building for the future.

What they were doing was:

  • ✔️ Attracting VC money while delivering nothing of real value. Every dollar sunk into their "improvements" was a dollar taken away from projects actually trying to move the industry forward.
  • ✔️ Burning time and trust. Running in circles instead of just maintaining a working multisig solution.
  • ✔️ Making the industry worse. By their own actions, they handed North Korean hackers a red carpet into Bybit’s funds and put billions of user assets at risk.*

That’s not security. That’s deliberate mismanagement.

Crypto Needs Better.

Bybit had to borrow over $1 billion in USDT just to patch the hole Safe created. Now, they’re pushing 100x leverage offers to get traders active. The damage is already done.

Meanwhile, Safe continues as if they didn’t just completely discredit themselves.

This hack should be a turning point. We need security solutions that actually work—not gatekeepers who burn time and money while making things worse.

And this is exactly why security in trading infrastructure cannot be an afterthought. With failures like this, traders need systems that are actually designed for resilience, not built on empty marketing.

That’s why I’m building Mercury—an AI-driven trading system that prioritizes execution over illusions of security. It’s designed to work within Bybit’s ecosystem, staying efficient, secure, and resistant to the kind of stupidity that led to this disaster. No gimmicks, no rebrands—just real, verifiable performance.

The lesson here? Blind trust kills. Whether in security solutions or trading infrastructure, what matters is verifiable execution—not illusions of safety.

Crypto isn’t just about trading; it’s about who we trust to build the future. And if this hack proved anything, it’s that Safe was the wrong choice.

#BybitHack #GnosisSafe #CryptoSecurity #MercuryTrading #Decentralization #IndustryFailures

v1

🚨 The $1.5 Billion Hack That Exposed Crypto's Biggest Security Illusion 🚨

I've been watching the aftermath of the Bybit hack unfold, and I can't stay silent anymore.

On February 21st, Bybit lost $1.5 billion in what's now confirmed as one of the largest crypto heists in history. What's truly shocking isn't the amount—it's how it happened.

This wasn't some sophisticated zero-day exploit. It wasn't a complex smart contract vulnerability. It was something far more fundamental and inexcusable.

The Security Theater That Failed Us All

The attack vector? Safe (formerly Gnosis Safe) had their infrastructure compromised, allowing North Korean hackers to replace their UI with a fraudulent front-end. This malicious interface showed Bybit's multisig signers one transaction while having them sign something completely different.

Let that sink in.

🔥 It doesn't matter how secure your blockchain or smart contract is if your interface can be compromised to show users something entirely different from what they're actually signing. 🔥

This is the equivalent of a bank vault with an impenetrable door but a security guard who hands your money directly to thieves while showing you a receipt that says "deposit confirmed."

A Failure Years in the Making

What makes this particularly egregious is that Safe had one job: provide secure multisig wallet functionality. That's it.

Instead, they spent years rebranding from "Gnosis Safe" to just "Safe," raising venture capital, and apparently neglecting the core security infrastructure that was their entire reason for existing.

The result? A compromised AWS S3 bucket that hosted their frontend—a vulnerability so basic it's taught in entry-level security courses.

This wasn't an unavoidable sophisticated attack. This was a fundamental failure of security practices that put billions of dollars at risk.

The Industry Deserves Better

Bybit had to borrow over $1 billion in USDT just to cover the losses. The damage to user trust extends far beyond just one exchange.

This hack exposes a critical truth: in crypto, we've been building on foundations of sand. We've been trusting interfaces without verification, relying on security theater instead of actual security.

Building Real Security From First Principles

This is precisely why I've been developing Mercury—an AI-driven trading system built with security as a first principle, not an afterthought.

Mercury approaches security differently:

  • Verifiable execution paths for every transaction
  • Multiple independent verification channels before any significant action
  • Defense-in-depth architecture that doesn't rely on a single point of failure
  • Continuous security auditing rather than "set and forget" security

The system works within Bybit's ecosystem but adds layers of protection that would have prevented this exact attack vector. It's not about flashy marketing or rebrands—it's about building systems that actually work as promised.

The Path Forward

The lesson from this hack is clear: blind trust in security solutions is dangerous. What matters is verifiable execution and multiple layers of protection.

As the industry rebuilds from this disaster, we need to demand more from the projects we entrust with our assets. We need to move beyond security theater to actual security.

That's the standard I'm building Mercury to meet—because the future of crypto depends on getting this right.

#BybitHack #CryptoSecurity #MercuryTrading #Cybersecurity #Web3Security

v2


The $1.5 Billion Hack That Exposed Crypto's Biggest Security Illusion

When Trust Becomes Vulnerability

On February 21st, the crypto world witnessed one of its largest security breaches: Bybit lost $1.5 billion in a single attack. As I've analyzed the aftermath, what's most alarming isn't the staggering amount—it's the deceptively simple way it happened.

This wasn't a sophisticated zero-day exploit or an obscure smart contract vulnerability. It was a fundamental breakdown of what we've all been told to trust.

The Emperor Has No Clothes

The attack vector? Safe (formerly Gnosis Safe)—a platform specifically designed for secure multi-signature transactions—had their infrastructure compromised. North Korean hackers replaced their user interface with a fraudulent front-end that showed Bybit's multisig signers one transaction while having them sign something entirely different.

This reveals a critical truth about blockchain security:

The immutability of the blockchain becomes meaningless when the interface between humans and that blockchain can be compromised.

It's like having an unbreakable lock on your front door while someone replaces your security camera feed with pre-recorded footage—you're confidently watching an empty hallway while thieves walk right in.
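The failure mode described here, and in the two earlier drafts above, is a front-end that renders one transaction while the wallet is handed another. As an added example (not code from this post or from Safe), here is a signer-side check that compares the transaction as the UI rendered it with the EIP-712 SafeTx payload the wallet is actually asked to sign, and then applies policy rules that never trust the UI at all; the request shape, the policy and every address are assumptions constructed for the example.

```python
# Field names are those of Safe's SafeTx EIP-712 struct; the request shape,
# the policy and every address below are constructed for this example.
SAFE_TX_FIELDS = ("to", "value", "data", "operation", "safeTxGas", "baseGas",
                  "gasPrice", "gasToken", "refundReceiver", "nonce")
CALL, DELEGATECALL = 0, 1  # Safe "operation" values

def normalize(v):
    """Canonical form so '0xAbC' == '0xabc' and 5 == '5' compare equal."""
    return str(v).strip().lower() or "0x"

def verify_signing_request(displayed, typed_data, policy):
    """Return findings; an empty list means the payload matches the UI and policy."""
    findings, dom, msg = [], typed_data.get("domain", {}), typed_data.get("message", {})
    if typed_data.get("primaryType") != "SafeTx":
        findings.append(f"primaryType is {typed_data.get('primaryType')!r}, not SafeTx")
    for key, want in (("chainId", policy["chain_id"]), ("verifyingContract", policy["safe"])):
        if normalize(dom.get(key)) != normalize(want):
            findings.append(f"domain.{key} is not our Safe on the expected chain")
    # 1. What you see must be what you sign: compare every SafeTx field.
    for f in SAFE_TX_FIELDS:
        if normalize(msg.get(f)) != normalize(displayed.get(f)):
            findings.append(f"{f}: UI showed {displayed.get(f)!r}, payload has {msg.get(f)!r}")
    # 2. Policy rules that hold even when UI and payload agree (decimal values).
    if int(msg.get("operation", CALL)) != CALL:
        findings.append("operation is DELEGATECALL; policy allows CALL only")
    if normalize(msg.get("to")) not in {normalize(a) for a in policy["allowed_to"]}:
        findings.append(f"destination {msg.get('to')!r} is not on the allowlist")
    if int(msg.get("value", 0)) > policy["max_value_wei"]:
        findings.append("value exceeds the per-transaction cap")
    return findings

def typed_data_for(chain_id, safe, tx):
    """Shape of the EIP-712 SafeTx request a signer's wallet receives (constructed)."""
    return {"primaryType": "SafeTx", "message": dict(tx),
            "domain": {"chainId": chain_id, "verifyingContract": safe}}

SAFE, TREASURY, UNKNOWN, ZERO = ("0x" + b * 20 for b in ("aa", "bb", "cc", "00"))
POLICY = {"chain_id": 1, "safe": SAFE, "allowed_to": [TREASURY], "max_value_wei": 10**19}
UI_SHOWS = {"to": "0x" + "BB" * 20, "value": "1000000000000000000", "data": "0x",
            "operation": 0, "safeTxGas": 0, "baseGas": 0, "gasPrice": 0,
            "gasToken": ZERO, "refundReceiver": ZERO, "nonce": 42}

def honest_request():
    return verify_signing_request(UI_SHOWS, typed_data_for(1, SAFE, UI_SHOWS), POLICY)

def tampered_request():
    # Swapped front-end: the UI still renders UI_SHOWS, but the payload differs.
    evil = {**UI_SHOWS, "to": UNKNOWN, "operation": DELEGATECALL, "data": "0xdeadbeef"}
    return verify_signing_request(UI_SHOWS, typed_data_for(1, SAFE, evil), POLICY)
```

The point of the second group of checks is that the allowlist, the chain and the Safe address come from the signer's own out-of-band record, so a swapped UI that lies consistently in both places still trips them.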

A Systemic Failure of Priorities

What makes this particularly troubling is that Safe had one primary mission: provide secure multisig wallet functionality. That was their entire value proposition.

Yet somehow, basic infrastructure security—like properly securing the AWS S3 bucket that hosted their frontend—took a backseat to rebranding efforts and venture capital raises.

The result? A vulnerability so fundamental it's covered in entry-level security courses led to a $1.5 billion loss. Bybit had to borrow over $1 billion in USDT just to cover the damage.

Rethinking Security From First Principles

This incident has reinforced my conviction in the approach we're taking with Mercury, our AI-driven trading system. When I began designing Mercury, I started with a question that now seems prophetic:

"What if we assume every interface could be compromised, and design our security accordingly?"

This first-principles approach led to Mercury's distinctive security architecture:

Layers of Protection, Not Points of Failure

Mercury implements a multi-layered security approach inspired by ancient wisdom—where no single component is trusted implicitly:

  • Truth Verification: Every transaction is validated against mathematical principles and historical patterns, flagging anomalies that deviate from expected behavior
  • Orchestrated Oversight: System-wide verification ensures no single point of failure can compromise the entire system
  • Knowledge-Based Validation: Actions are cross-referenced against a continuously updated security database
  • Consensus Requirements: Critical operations require multiple independent verification methods to agree before proceeding

Beyond Interface Security

Mercury's approach transcends traditional interface security by:

  1. Verifiable Execution Paths: Every transaction generates a cryptographic proof of its intended outcome that must match across multiple verification layers
  2. Out-of-Band Confirmation: Critical actions require verification through separate communication channels
  3. Continuous Behavioral Analysis: The system learns normal patterns and flags deviations, rather than relying solely on signature verification
  4. Defense-in-Depth Architecture: Security is built in layers, with each providing protection if others are compromised

The Path Forward

The Bybit hack has made one thing abundantly clear: the crypto industry must move beyond security theater to actual security. We need systems designed with the assumption that any single component could be compromised.

Mercury represents my commitment to this new security paradigm—not because it makes for good marketing, but because it's the only responsible way to build systems that handle significant value.

As the industry rebuilds from this disaster, I invite fellow builders to join me in raising the standard. Let's create systems where security isn't just a feature—it's the foundation.

Because in a world where a single compromised interface can lead to a $1.5 billion loss, anything less is simply irresponsible.


What security measures do you think are most critical for the next generation of crypto platforms? I'd love to hear your thoughts in the comments.

#BybitHack #CryptoSecurity #MercuryTrading #Cybersecurity #Web3Security