Safe{Wallet}

2017-01-01

Safe launched as Gnosis Multi-signature Wallet, the first version of what would become the industry-standard Ethereum multisig.

2018-01-01

Gnosis Safe released, introducing a proxy-singleton architecture and modular design, replacing the original Gnosis Multisig.

2022-04-20

Project rebranded from Gnosis Safe to Safe; SAFE governance token launched with 1 billion total supply.

2023-01-01

Safe Ecosystem Foundation formally incorporated; SafeDAO formed following strategic fundraise from investors.

2024-04-25

SAFE token reached its all-time high of approximately $2.69–$4.48 per token.

2025-02-04

A Safe{Wallet} developer's macOS workstation was compromised via social engineering. The developer downloaded a Docker project ('MC-Based-Stock-Invest-Simulator-main') containing malware that exploited a PyYAML RCE vulnerability.

2025-02-05

Attackers used the developer's extracted AWS credentials to access Safe's cloud infrastructure, hijacking an active session token to bypass MFA.

2025-02-19

Attackers injected malicious JavaScript into the file '_app-52c9031bfa03da47.js' in Safe's AWS S3 bucket. The payload was designed to activate only when Bybit's contract addresses were detected.

2025-02-21

Bybit's signers used the compromised app.safe.global interface to authorize what appeared to be a routine cold-wallet transfer. The malicious JavaScript silently replaced the transaction's destination, resulting in approximately 400,000 ETH (~$1.5 billion) transferred to attacker-controlled addresses at approximately 14:13 UTC.

2025-02-21

Approximately two minutes after the malicious transaction was executed (~14:15 UTC), attackers uploaded clean JavaScript files back to Safe's AWS S3 bucket to erase forensic evidence.

2025-02-26

FBI formally attributed the Bybit theft to North Korea's TraderTraitor threat group via IC3 public service announcement. Safe and Bybit issued competing statements on responsibility.

2025-02-28

Safe Ecosystem Foundation published its official statement, confirming the developer machine compromise, confirming smart contracts were unaffected, and announcing full infrastructure rebuild and credential rotation.

2025-03-03

Safe co-founder Martin Koeppelmann confirmed ten UI security improvements had been shipped, including displaying full raw transaction data and removing hardware wallet integrations that raised security concerns.

2025-03-20

Approximately 86% of the stolen ETH had been converted to Bitcoin and dispersed across thousands of addresses, according to tracking by blockchain analytics firms.

2025-07-01

Rahul Rumalla joined the Safe ecosystem as VP of Product and Engineering; later became CEO of Safe Labs as the subsidiary took direct operational control of Safe{Wallet}.

2026-04-02

Safe Foundation launched Safenet Beta at EthCC in Cannes, a decentralized transaction-security network using cryptographic attestations to address the blind-signing vulnerability class. Six genesis validators each staked a minimum of 3.5 million SAFE tokens.