When North Korean hackers stole $1.4 billion from Bybit in February 2025, they did not exploit a smart contract bug or crack a private key. Instead, they compromised a developer’s laptop at Safe{Wallet}, the company behind the multisig wallet that Bybit used to secure its cold storage. This type of attack — known as a supply chain attack — targets the tools, software, and infrastructure that cryptocurrency users rely on, rather than the blockchain protocols themselves. Understanding how these attacks work is essential for anyone holding or managing digital assets in 2025.
The Basics
A supply chain attack in the cryptocurrency context occurs when an attacker compromises a trusted component in the chain of software or services that users depend on. Rather than attacking a blockchain directly — which would require breaking cryptographic algorithms — attackers target the interfaces, development tools, wallet software, or infrastructure providers that sit between users and the blockchain.
In the Safe{Wallet} incident, the attack chain started with a developer being socially engineered into running malicious code disguised as a legitimate Docker project. Once the attacker had access to the developer’s machine, they escalated into Safe’s cloud infrastructure and injected malicious JavaScript into the Safe{Wallet} web application. When Bybit’s signers used the compromised interface to approve what appeared to be a routine transaction, the malicious code secretly replaced their transaction with one that transferred $1.4 billion to the attacker.
The fundamental problem is that most cryptocurrency users trust the software they see on their screen. When you open your wallet application and it shows a transaction waiting for your approval, you assume the display is accurate. Supply chain attacks exploit this trust by compromising the software that renders the information you base your decisions on.
Why It Matters
Supply chain attacks are particularly dangerous in cryptocurrency because blockchain transactions are irreversible. In traditional finance, a bank can reverse a fraudulent wire transfer, and credit card companies can issue chargebacks. On the blockchain, once a transaction is confirmed, it is permanent. This makes every point in the chain between you and the blockchain a critical point of failure.
The scale of the threat is growing. As of March 2025, with Bitcoin around $81,000 and Ethereum near $1,860, the total value locked in DeFi protocols and held in exchange wallets makes the cryptocurrency industry an extremely attractive target for sophisticated attackers, including nation-state hacking groups like North Korea’s Lazarus Group.
Common supply chain attack vectors in crypto include compromised wallet software, malicious browser extensions, fake cryptocurrency applications, hijacked software update mechanisms, and infected development tools. Each of these vectors can give attackers the ability to steal funds, manipulate transactions, or extract private keys without the victim realizing anything is wrong until it is too late.
Getting Started Guide
The first step in protecting yourself is to understand where you are vulnerable. Every piece of software you use to interact with cryptocurrency — from wallet applications to browser extensions to exchange websites — is part of your personal supply chain. Compromising any one of these components can give an attacker access to your funds.
Use hardware wallets for storing significant amounts of cryptocurrency. Hardware wallets keep your private keys on a dedicated physical device that is isolated from your computer’s operating system. Even if your computer is compromised by malware, a hardware wallet requires physical button presses to confirm transactions, providing an additional layer of security that software-only solutions cannot match.
Verify the source of all software you download. Only download wallet applications from official websites, and verify checksums when available. Be cautious of software updates — check that updates are legitimate by visiting the official website directly rather than clicking links in emails or messages. Bookmark important websites and access them only through your bookmarks.
Common Pitfalls
Many users make the mistake of assuming that because blockchain technology is secure, everything built on top of it is equally secure. This is a dangerous assumption. The blockchain itself may be mathematically sound, but the software you use to interact with it is built by humans and maintained on infrastructure that can be compromised.
Another common pitfall is over-reliance on visual confirmation. When you approve a transaction in your wallet, you are trusting that the software is displaying accurate information. If that software has been compromised, the transaction details you see may not match what is actually being signed. Hardware wallets mitigate this risk by displaying transaction details on their own screen, independent of the potentially compromised computer.
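The gap between what is displayed and what is signed can be checked independently of the wallet interface. The following is an added example, not code from the article, Safe{Wallet} or Bybit; it assumes the intended action is a plain ERC-20 `transfer(address,uint256)` call, and the addresses and the `to`/`value`/`data` payload layout are constructed for illustration.

```python
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

def encode_transfer(recipient, amount):
    """Build transfer calldata: selector + 32-byte address word + 32-byte amount."""
    addr = bytes.fromhex(recipient[2:])
    return TRANSFER_SELECTOR + addr.rjust(32, b"\x00") + amount.to_bytes(32, "big")

def decode_transfer(calldata):
    if len(calldata) != 68 or calldata[:4] != TRANSFER_SELECTOR:
        raise ValueError("not a plain ERC-20 transfer; do not sign blind")
    if any(calldata[4:16]):
        raise ValueError("non-zero padding in address word")
    return "0x" + calldata[16:36].hex(), int.from_bytes(calldata[36:68], "big")

def check_payload(intent, payload):
    """List every way the payload to be signed differs from the recorded intent."""
    problems = []
    if payload["to"].lower() != intent["token"].lower():
        problems.append("target contract differs")
    if payload.get("value", 0) != 0:
        problems.append("unexpected native value")
    try:
        recipient, amount = decode_transfer(bytes.fromhex(payload["data"][2:]))
    except ValueError as exc:
        return problems + [str(exc)]
    if recipient != intent["recipient"].lower():
        problems.append("recipient differs")
    if amount != intent["amount"]:
        problems.append("amount differs")
    return problems

# Constructed sample values (not real addresses).
TOKEN = "0x" + "aa" * 20
ALICE = "0x" + "11" * 20
OTHER = "0x" + "22" * 20

def demo():
    intent = {"token": TOKEN, "recipient": ALICE, "amount": 1000}
    honest = {"to": TOKEN, "value": 0, "data": "0x" + encode_transfer(ALICE, 1000).hex()}
    altered = dict(honest, data="0x" + encode_transfer(OTHER, 1000).hex())
    opaque = dict(honest, data="0x12345678")
    return (check_payload(intent, honest), check_payload(intent, altered),
            check_payload(intent, opaque))

if __name__ == "__main__":
    for result in demo():
        print(result or "payload matches intent")
```

The comparison is only meaningful when the intent is recorded and the check is run somewhere other than the machine rendering the wallet interface.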
Users also frequently underestimate the sophistication of social engineering attacks. The Safe{Wallet} developer who was compromised was a professional working at one of the most security-conscious companies in the crypto industry. If they could be tricked, individual users are equally vulnerable.
Next Steps
Start by auditing your own crypto supply chain. List every piece of software, every website, and every service you use to manage your cryptocurrency. For each item, consider what would happen if it were compromised. Then take steps to reduce your exposure — use hardware wallets, enable multi-factor authentication, keep software updated, and verify the source of everything you install. The blockchain may be trustless, but the tools you use to access it are not. Treat them with the caution they deserve.
good explainer for newcomers. most people still think crypto gets hacked by breaking cryptography. nah, someone just clicked a bad link and installed malware
the docker project angle is scary because every dev uses docker daily. you can't just tell people to stop running containers from the internet
docker is infrastructure at this point. you can't just tell devs to manually verify every base image. we need signed builds and reproducible containers as the default
the social engineering angle is underrated. devs think they are too smart for phishing but north korea has entire teams dedicated to crafting convincing fake repos
the fake repo tactic is especially insidious. who verifies docker images before pulling? basically nobody. the supply chain trust model is broken by design
so basically the blockchain itself was fine, the wallet app got compromised. why do people keep calling it a crypto hack then?
because the end result was crypto getting stolen. the how matters less to headlines than the what. lazy journalism basically
Bybit losing 1.4B to a developer laptop compromise and not a smart contract flaw should change how teams think about security. less audits, more opsec