At the end of February, Safe undertook a comprehensive infrastructure overhaul to protect its systems following a cyberattack. The incident has been attributed to the TraderTraitor group, which is linked to North Korea.
Security Renewal Efforts
In the aftermath of the attack, Safe began renewing all credentials, resetting its clusters, and updating its infrastructure. The existing container images were redeployed to harden the infrastructure. These measures were intended to leave the systems running with stronger protection.
The Safe team collaborated with the cybersecurity firm Mandiant to understand the details of the cyberattack. Mandiant’s report highlighted the complexity of the attack and issues such as the compromise of AWS session key tokens. The report also identifies opportunities to uncover further vulnerabilities and to proceed with phased improvements.
Enhanced Monitoring and Risk Mitigation
Alongside the infrastructure renewal, Safe strengthened the systems it uses to detect malicious activity. Through a partnership with Blockaid, Safe improved its monitoring systems. Real-time threat detection has also been advanced across all layers to shorten response times.
To limit external access, Safe temporarily restricted some transaction-related services. These restrictions were enforced as stringent firewall rules, particularly on outward-facing services. Hardware-based signature support was also temporarily disabled based on a risk assessment.
Additional measures included clearing queued transactions from the database and deploying a third-party verification tool, so that users can now validate transactions independently. Work continues to raise the overall security level of the system while the details of the investigation are clarified.