Fund Rekt News for independent Safe-stack security coverage

Abstract

Rekt News proposes funding for 12 months of independent editorial coverage of the Safe stack — modules, signing infrastructure, social engineering threat surface, and the post-Bybit / Safenet response — anchored on a definitive “Safe After Bybit” retrospective and continued through long-form investigations, distribution features and an optional documentary and podcast panel.

The work primarily benefits the Safe ecosystem and SafeDAO is the natural home for it. A parallel discussion is open at GnosisDAO, where the community has expressed structural interest given GnosisDAO’s position as the largest single SAFE token holder. This post sets out the full proposal for SafeDAO community input, with two routes — a joint engagement co-funded with GnosisDAO, or a reduced standalone SafeDAO engagement.

Why this is on SafeDAO’s table

The Safe stack defines the operating reality for most high-value asset custody across Ethereum and the L2 ecosystem. The Bybit incident exposed the social engineering and signing-infrastructure surface that sits around the Safe contracts, and the response in flight — Safenet, SEP-55 validator attestation, threat-model formalisation, the Safe Labs governance restructure — is the structural correction now underway.

Editorial coverage of this work is fragmented across team blog posts, security firm reports, conference talks and X threads. Rekt News proposes consolidating it into a definitive open-access reference, maintained and extended over 12 months. SafeDAO is the governance body for the Safe ecosystem; GnosisDAO has parallel interest as the largest SAFE holder and active partner of the Safe community. The proposal goes to both DAOs for that reason — full information lives in this thread, with a parallel discussion on the GnosisDAO forum.

Scope — 12 months

Anchor piece — “Safe After Bybit”

Definitive retrospective covering the Bybit incident, the Safe response, the structural changes since, and the forward-looking threat model. Long-form (5,000+ words). Sourced from on-record contributors across SEF, Safe Labs, Core Contributors and external auditors. Treated as a permanent reference, updated as the response continues to unfold.

Follow-up long-form investigations (3, joint-funding scope). Potential articles:

  1. Safe modules security — module composability, install/uninstall threat surface, the gap between intended use and operational reality.
  2. Social engineering threat surface — the post-Bybit attack class, the specific patterns that worked, mitigations available at the signing-infrastructure layer.
  3. Signing infrastructure and Safenet validator attestation — the SEP-55 design, the validator-attestation threat model, what it solves, what it doesn’t, and the deployment-practice gap.

Distribution and amplification

  • 6 distribution features across the Rekt X account (~280K followers) and the Rekt newsletter (~30K subscribers).
  • Dedicated Safe / Gnosis security section on hub.rekt.news, maintained for the engagement period, aggregating all funded coverage plus pre-existing Safe-relevant pieces.

Optional production (joint-funding route only)

  • 1 video documentary on the Safe stack post-Bybit, distributed via Rekt and partner channels.
  • 1 podcast panel with Safe ecosystem contributors, distributed across Rekt and partner audiences.

Two funding options for SafeDAO

Option A — Joint funding with GnosisDAO. $40,000 USDC equivalent total ($20,000 from SafeDAO, $20,000 from GnosisDAO).

Full scope as listed above, including the video documentary and podcast panel.

Option B — SafeDAO-funded reduced scope. $15,000 USDC equivalent.

Reduced scope:

  • “Safe After Bybit” anchor retrospective
  • 1 follow-up long-form (SafeDAO selects highest priority from the three follow-ups listed above)
  • Distribution features on Rekt X and the Rekt newsletter
  • Video documentary and podcast panel dropped from this scope

Payment in USDC, SAFE tokens at TWAP on the signing date, or a mix — at SafeDAO’s discretion.

Editorial terms

Editorial firewall. Editorial decisions on framing and conclusions sit with Rekt News. The funded scope is educational and reference work, not advocacy. Topic prioritisation is collaborative through a task force, ideally including contributors from SEF, Safe Labs, and Core Contributors.

Incident coverage. Coverage of any future Safe-ecosystem security incidents is treated separately from the funded educational scope and is not subject to collaborative input. Incidents are covered with the same depth and editorial independence applied to the original Bybit investigation at rekt.news/bybit-rekt.

Disclosure. Every funded Rekt piece during the engagement carries a footer disclosing the SafeDAO (and GnosisDAO if joint-funded) engagement. The standing partnership page on rekt.news lists every funded engagement publicly.

Verification, tranches, termination

Tranche structure. Disbursement in tranches against verified publication of deliverables. Option A: 4 tranches across the engagement, each tied to a deliverable group. Option B: 2 tranches — anchor piece, then follow-up long-form plus distribution.

Verification. Deliverables are auditable against the deliverable list. The task force reviews quality before each tranche release. A public objection window (7 days) sits before every tranche transfer; substantive concerns raised in this window pause the release pending review.

Termination. Engagement terminates by default if the task force determines that the milestones have been missed in substance. Community-initiated termination available at any point through standard SafeDAO governance.

Why Rekt News for this

Rekt News has covered the security failures, post-mortems, and architectural patterns of DeFi and broader Web3 infrastructure for five years. The original Bybit investigation is one of the most-read pieces in the Rekt archive. Recent work relevant to the Safe stack includes coverage of the Lazarus / DPRK attack surface, social engineering investigations, signing-infrastructure incidents, and the broader institutional-custody threat landscape.

Rekt is independent — no paywall, no token, no VC. Distribution reach: ~280K X followers, ~30K newsletter subscribers, ~42K monthly readers on rekt.news. All content open access under CC0.

Open Questions

  • Which funding option does the SafeDAO community prefer — Option A (joint, $20K from SafeDAO) or Option B (reduced standalone, $15K)?
  • Task force composition: who from SEF / Safe Labs / Core Contributors / community would join the topic-prioritisation group?
  • Bybit framing: lead with the Bybit reference point, or lead with Safe’s post-Bybit architecture? Either works.
  • TheDefiant integration: Rekt holds a strategic content partnership with TheDefiant (~327K X followers, ~130K YouTube subscribers). If SafeDAO sees value, the video documentary or podcast panel can be co-produced for cross-community distribution.