Incredible Robbery at Crypto Exchange Bybit: Billions Stolen Through Secure Wallet Hack - Expert Analysis
Kyiv • UNN
Crypto exchange Bybit has published the results of an expert analysis of the $1.46 billion hack. The FBI confirmed the involvement of the North Korean hacking group Lazarus Group in the attack through a compromised Safe wallet.

Cryptocurrency exchange Bybit has published the results of the forensic examination of last week's hack, in which almost $1.5 billion was stolen. The US Federal Bureau of Investigation stated that hackers linked to the North Korean authorities were involved in the robbery.
UNN reports with reference to BBC, CoinDesk and Le Figaro.
Details
Cryptocurrency exchange Bybit has published a forensic investigation into last week's $1.46 billion hack, which showed that its systems were not breached. As it turned out, the problem arose due to a compromised secure wallet infrastructure.
According to the investigation, "Safe developer credentials were compromised," which allowed the Lazarus hacking group to gain unauthorized access to the secure wallet and then trick Bybit employees into signing a malicious transaction.
An interesting nuance: a person familiar with the matter told CoinDesk that despite the compromise of the wallet infrastructure through social engineering, the hack would not have been possible if Bybit had not "blindly" signed the transaction.
Reference
According to Bybit, approximately 401,000 ETH (Ethereum units) were stolen during the cyberattack.
Example: Bybit co-founder and director, Ben Zhou, is preparing to verify a transfer of funds in Ethereum, the most common cryptocurrency after Bitcoin.
Explanation: In the world of cryptocurrencies, cold wallets are disconnected from the Internet and take the form of hard drives or USB keys. They act as a reserve, while hot wallets, connected directly to the network, are more suitable for making exchanges.
To balance its accounts and allow users to buy or exchange cryptocurrencies, Bybit regularly transfers funds from its cold wallets to hot wallets. For this type of operation, several high-ranking officials on the platform must confirm the transaction.
These are sensitive cold wallet transactions; procedures are implemented as if we were returning a gold bar from a bank.
What the FBI says
The FBI confirmed the assumption that this, possibly the largest cryptocurrency theft in history, was committed by the hacking group Lazarus Group, also known as APT38, BlueNoroff, and Stardust Chollima. The FBI calls this group "TraderTraitor."
TraderTraitor members act quickly and have already converted some of the stolen assets into Bitcoin and other virtual assets, scattered across thousands of addresses on multiple blockchains. These assets are expected to be further laundered and eventually converted into fiat ["decreed," i.e., traditional] currency.
Earlier, several Western publications wrote that hackers from the DPRK-linked Lazarus Group could have been behind the attack.
Investigators of Lazarus Group's activities report that in recent years, this group has stolen cryptocurrencies worth about $6 billion. It is assumed that with these funds, the DPRK authorities make purchases bypassing international sanctions and finance their military programs.
The North Korean authorities deny any connection with the Lazarus Group.
Recall
UNN reported that the Bybit crypto exchange was attacked by hackers, who withdrew over $1.4 billion in ETH to four Ethereum addresses. CEO Ben Zhou confirmed the incident, explaining that the attack was carried out through malicious code in a smart contract.