At the end of February, Safe launched a significant overhaul of its infrastructure in response to a cyberattack attributed to the TraderTraitor group, which has ties to North Korea. This incident prompted urgent reforms aimed at bolstering the company’s cybersecurity measures.
What Actions Did Safe Take for Security Overhaul?
In response to the breach, Safe undertook a series of critical actions, including renewing all user credentials, resetting clusters, and updating system structures. The organization redeployed existing container images to bolster the infrastructure’s strength, ensuring that its systems are better protected against future threats.
How Did Safe Collaborate with Cybersecurity Experts?
To fully understand the attack, Safe partnered with the cybersecurity firm Mandiant. Their report revealed the attack’s intricacy and identified concerns like the compromise of AWS session key tokens. The collaboration helped identify vulnerabilities and led Safe to begin several phases of improvements.
Critical takeaways from Safe’s response include:
- Renewed all credentials and enhanced infrastructure resilience.
- Expanded monitoring through collaboration with Blockaid.
- Implemented strict access controls and temporary service restrictions.
- Enabled users to independently validate transactions with a third-party tool.
The measures taken by Safe aim not only to rectify existing vulnerabilities but also to establish a more robust security framework moving forward. As the investigation unfolds, the company remains committed to elevating its cybersecurity standards and maintaining transparency with its users.