Cobo's Bybit analysis says attackers stole more than $1.5 billion after operators approved what appeared to be a normal Safe{Wallet} transfer from a cold wallet to a hot wallet. The transaction instead changed the Safe implementation contract and gave the attacker ownership of the wallet. The report cites blockchain investigator links to North Korea's Lazarus Group and compares the case to recent Safe-based attacks against WazirX and Radiant Capital. Cobo highlights three control failures: possible operator-device or UI compromise, blind signing on hardware wallets that did not show full transaction details, and the absence of independent policy checks such as whitelisting, contract-interaction controls, and separate co-signing review.