The team behind Safe, one of the most widely used multi-signature wallet protocols on Ethereum, announced on April 2 the launch of Safenet Beta, a decentralized network of validators designed to verify transactions before they are executed in Safe accounts, moving security from external warnings into the execution process itself.
Safenet’s goal is to close the gap between the user’s intention when signing a transaction and what they actually authorize. According to the team, this attack vector has caused losses of more than $20 billion since 2017. An emblematic case was the Bybit hack in February 2025, attributed to the Lazarus group, which cost the exchange about USD 1.5 billion. In that incident, the vulnerability arose when malicious transactions were signed after the prior compromise of the executives’ Safe wallet.
In its initial phase, Safenet Beta has a founding validator group that includes organizations such as Gnosis, Blockchain Capital and other ecosystem actors linked to Safe.
How does Safenet work?
Safenet uses cryptographic verifications which are recorded and can be publicly audited. When a user submits a transaction from their Safe account, Safenet validators evaluate it in real time against a set of security rules.
If they consider it secure, they generate a cryptographic attestation: a collective certification that is registered and publicly auditable. A component installed in the user’s account (wallet), called “Guard”, verifies that attestation before allowing execution. Without a valid attestation, the transaction is not processed, explains Safe.
If the transaction is marked as risky and the user decides to continue anyway, they can do so, but only with an explicit additional approval and a waiting period.
However, the statement does not detail what specific security rules the validators apply, nor how the system addresses more complex or novel attack vectors.
On the other hand, it does mention that Safenet is Byzantine fault tolerant, which implies that it can continue to function correctly even if some of the validators act dishonestly.
The long-term objective is for this validation network to protect all operations carried out through Safe, expanding the level of security without sacrificing the control that characterizes self-custody.
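The flow described in this section, modeled as an added example that is not Safe's or Safenet's code: a guard recomputes the hash of the transaction about to execute, counts attestations from distinct validators over that hash, and otherwise blocks unless an explicit override has aged past a waiting period. Assumptions: HMAC stands in for validator signatures, four validators with a quorum of three, a 24-hour delay, the override applying whenever quorum is missing, and constructed transaction fields and addresses.

```python
import hashlib, hmac, json

# Constructed validator set; HMAC keys stand in for real signing keys (assumption).
VALIDATORS = {f"validator-{i}": f"demo-key-{i}".encode() for i in range(4)}
QUORUM = 3                   # assumed: 2f+1 of n=3f+1 validators with f=1
OVERRIDE_DELAY = 24 * 3600   # assumed waiting period, in seconds

def tx_hash(tx):
    """Canonical hash over every field that affects execution."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()

def attest(name, tx):
    """One validator's attestation, bound to the exact transaction hash."""
    return name, hmac.new(VALIDATORS[name], tx_hash(tx), hashlib.sha256).digest()

def guard_check(tx, attestations, override_approved_at=None, now=0):
    """Decide what the guard does with `tx` given the attestations presented."""
    digest = tx_hash(tx)     # recomputed from what will actually execute
    valid = set()            # a set, so repeated attestations count once
    for name, tag in attestations:
        key = VALIDATORS.get(name)
        if key is None:
            continue         # unknown validator
        expected = hmac.new(key, digest, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            valid.add(name)
    if len(valid) >= QUORUM:
        return "execute"
    if override_approved_at is None:
        return "blocked"
    # Explicit user override: allowed only once the waiting period has elapsed.
    if now - override_approved_at >= OVERRIDE_DELAY:
        return "execute-after-delay"
    return "waiting"

# Constructed transactions: what the signers reviewed vs. what is submitted.
reviewed = {"to": "0xRecipientA", "value": 10, "data": "0x"}
submitted = {"to": "0xRecipientB", "value": 10, "data": "0x"}
attestations = [attest(f"validator-{i}", reviewed) for i in range(3)]

if __name__ == "__main__":
    print(guard_check(reviewed, attestations))            # execute
    print(guard_check(submitted, attestations))           # blocked
    print(guard_check(submitted, attestations, 0, 3600))  # waiting
```

Because the attestations cover the hash of the reviewed transaction, presenting them alongside a different transaction yields no quorum, which is the property that matters when a signing interface shows one thing and submits another.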
The role of the SAFE token
The launch also introduces a new feature for the SAFE token. Until now used mainly in governance, it now has an active role within the network.
According to Safe, validators must lock (stake) SAFE tokens to participate in the system, while other users can delegate their tokens to support these validators and receive rewards. This model seeks to align economic incentives with network security.
The Bybit hack as a background
As reported by CriptoNoticias, in February 2025 the Lazarus group carried out the largest hack in the history of the cryptocurrency ecosystem: the theft of approximately USD 1.5 billion from the Bybit exchange, which operated its cold wallet on Safe.
The attack did not exploit a flaw in Safe’s smart contracts; it took place at the human and operational layer: Bybit’s signatories approved a transaction believing it to be legitimate, without knowing that the interface had been manipulated to show them false information about what they were authorizing. The funds moved because the signatures were obtained, not because the code failed.
Safenet did not exist at the time and the Safe statement does not mention the Bybit hack explicitly, but the mechanism it presents points directly to the type of attack that made it possible: one in which the gap between what is signed and what is executed was the central vulnerability.
