Months after a significant crypto-related theft sent shockwaves through the industry, Safe, a leading self-custody infrastructure provider, has announced a major internal restructuring.
The company revealed on April 16 that 14 employees had been laid off, with co-founder Lukas Schor attributing the decision to escalating internal complexity. In an emotional tweet, Lukas described it as the “toughest day since starting Safe.”
He made it clear that the layoffs were not a reflection of the individuals affected, acknowledging their meaningful contributions to the project. Taking full responsibility for the decisions that led to this point, Lukas, along with co-founders Richard, Christoph, and Tobias, emphasized their commitment to handling the situation with care and respect.
In an effort to support the affected team members, Safe is offering extended garden leave, enhanced severance packages, converted linear token vesting, and active assistance in finding new opportunities within the Ethereum ecosystem. Lukas highlighted that some of the best talent in the crypto space is now seeking new opportunities.
As part of its restructuring, Safe is dividing into three distinct divisions to align more effectively with its goals and the evolving crypto landscape. These divisions include a revenue-focused product company, an innovation-centric R&D lab, and an ecosystem-focused foundation. Each team will operate autonomously to optimize for its core objectives.
The strategic overhaul comes in the wake of the Bybit hack earlier this year, where a $1.43 billion exploit was linked back to a compromised developer machine used by Safe. Despite the core smart contracts remaining untouched, the breach had a profound impact on the company’s backend systems.
A forensic report released by Safe in March detailed how a malicious Docker project disguised as a “stock investment simulator” was downloaded onto a developer’s MacBook, leading to the breach. The attack, orchestrated by the North Korean-linked TraderTraitor group, bypassed multi-factor authentication and stole AWS session tokens.
In response, Safe collaborated with cybersecurity firm Mandiant to conduct a comprehensive forensic investigation, revealing a sophisticated, state-sponsored attack. The fallout prompted Safe to enhance its infrastructure security measures, but internal operational complexity continued to escalate.
As the Ethereum ecosystem evolves, foundational tools like Safe are under increasing scrutiny to provide faster iteration cycles and robust services. With the company’s growth leading to coordination challenges, splitting into three independent units with distinct mandates is seen as the best path forward.
Safe’s reorganization signifies a renewed focus on its mission, despite the departure of the 14 employees. The company remains committed to navigating the challenges posed by the Bybit hack fallout and emerging stronger from the experience.