The article attributes the February 2025 Bybit theft to TraderTraitor, also tracked as Jade Sleet, UNC4899, and Slow Pisces, and describes it as a 19-day operation against Bybit's Safe wallet workflow. The attackers allegedly compromised Safe infrastructure, including AWS session access and a developer's macOS system, then injected malicious JavaScript into Safe's front end so targeted multisig transactions could be manipulated. Bybit and blockchain investigators linked the activity to DPRK cryptocurrency theft patterns, including commingled laundering with proceeds from the earlier Phemex breach. The source frames the incident as a supply-chain compromise against a third-party wallet platform rather than a direct private-key theft from Bybit.