Sheltered’s chief executive says Bybit hack exposed fragmented self-custody protections


In February, the cryptocurrency ecosystem stood on the precipice of disaster. Hackers stole $1.5 billion of Ether from cryptocurrency exchange Bybit, the largest theft the industry has ever seen.

Fears of a market collapse due to contagion were alleviated by industry-wide efforts to plug the Bybit vulnerability, and within hours the exchange regained control of the situation.

A post-mortem revealed that Bybit’s routine transfer of Ether (ETH) between wallets was intercepted by hackers. The attackers, believed to be the North Korean group Lazarus, compromised a SafeWallet developer’s machine and injected malicious JavaScript code into the user interface, which tricked Bybit’s multi-signature process into validating a malicious smart contract.

The incident was a wake-up call for the cryptocurrency industry, given that many exchanges and companies rely on the infrastructure and services of players like Sheltered. Even though Sheltered is a self-managed wallet service, the incident proved that sophisticated social engineering or compromised physical hardware remains a threat to the entire industry.

Sheltered CEO Rahul Rumalla joined Cointelegraph’s Chain Reaction live show to reflect on the lessons learned and systemic changes required by the Bybit incident and the ever-present and evolving threats from cybercriminals.


Self-custody is fragmented

As Rumalla explained, the developer’s secure workstation was breached, providing an entry point for hackers to launch an attack that could manipulate the website’s code.

Sheltered’s CEO said the situation “was a moment of reckoning” that forced the team to revamp its security and infrastructure. It also drew attention to industry-standard practices that may not be entirely fit for purpose.

“The reality is that a lot of people are exposed to the concept of blind signing. You don’t really know what you’re signing, whether it’s a signing device or equipment. And that starts with education, it starts with awareness, it starts with standards,” Rumalla said.

“Ultimately in the world of self-care, the real underlying assumption is shared responsibility for safety. It’s fragmented. And that’s what we started with by changing the architecture.”

Rumalla added that while Sheltered came under intense scrutiny in the wake of the Bybit theft, its core customers were supportive and were fully aware of the main attack vectors that led to the incident.


His team then began working to break down the architectural layers that make up Sheltered’s security infrastructure.

“We’ve broken it down by transaction-level security, signing device-level security, infrastructure-level security, but also standards and compliance and auditability. They all have to work together in some way,” Rumalla said.

The evolving threat from hackers

Hackers from the Lazarus Group have been the gravest threat to the cryptocurrency ecosystem in recent years. Mainstream media reports forecast that the North Korean hacker group will collect over $2 billion in stolen cryptocurrency in 2025.

Rumalla said the biggest challenge is the social engineering that hacker groups use to infiltrate major companies in the industry.

“These attackers are on Telegram channels. They are in our company’s introduction chats, they are in your DAO’s grant posts. They are applying for jobs as IT workers. They are exploiting the human element.”

This also improved the situation for Rumalla and his team. Taking comfort in the fact that their code and protocol are not flawed, the CEO said every effort is made to balance security and usability.

“Smart Accounts, the core protocol that was super battle tested, which really gave us the confidence that we could level up in the higher tiers as well.”

Rumalla added that self-custody technology has long involved a trade-off between convenience and safety. However, a shift in thinking is needed to ensure that products and services continue to evolve so that people can easily and safely take control of their assets.
