This post was originally published on Security Affairs. It can be found here.
Crypto exchange Bybit was the victim of a sophisticated attack, and threat actors stole $1.5B worth of cryptocurrency from one of the company’s offline wallets.
Crypto exchange Bybit suffered a sophisticated cyberattack, threat actors transferred over 400,000 ETH and stETH worth more than $1.5 billion to an unidentified address.
The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M).
Bybit’s ETH cold wallet was compromised in the attack that masked the signing interface, allowing threat actors to redirect funds to an unknown address.
“Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic.” reads the statement published by the company on X. “As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.”
Bybit’s security team, leading blockchain forensic experts, and partners are investigating the security breach. The company assures users and partners that all other cold wallets remain fully secure, client funds are safe, and operations continue without disruption. Maintaining transparency and security is a top priority, and the company will provide updates as soon as possible.
Bybit speculated attackers likely exploited a vulnerability in the Safe.global platform’s user interface but shared no technical details.
Bybit CEO Ben Zhou assured customers that the exchange would remain solvent even if the stolen funds were not recovered. Bybit stated it has over $20 billion in assets under management and will use a bridge loan if needed to ensure user funds remain available.
Zhou also highlighted that all other cold wallets managed by the exchange are secure.
Blockchain cybersecurity firm Elliptic attributed the cyber heist to the notorious North Korea-linked APT Group Lazarus, however, Bybit has yet to confirm it.
“Almost $1.5 billion in crypto was stolen from Bybit today. That makes it by far the largest crypto heist of all time. It’s also potentially the largest single theft of any kind, ever.
We’re working to help exchanges and law enforcement to trace and freeze these funds. The more difficult we make it to benefit from crimes such as this, the less frequently they will take place.” said Elliptic Co-founder Tom Robinson. “*Update* It’s now been confirmed that North Korea’s Lazarus Group were behind this hack..”
Cybersecurity firm Arkham Intelligence also attributed the attack to the Lazarus APT group.
The Lazarus Group has been active since at least 2009, possibly as early as 2007, it is known for using custom malware in sophisticated attacks, with experts deeming their methods highly advanced.
This threat actor was involved in cyber espionage campaigns and sabotage activities to destroy data and disrupt systems. Security researchers discovered that the North Korean Lazarus APT group was behind multiple attacks against banks end cryptocurrency exchanges.
According to security experts, the group was behind, other large-scale cyber espionage campaigns against targets worldwide, including the Troy Operation, the DarkSeoul Operation, and the Sony Picture hack.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Lazarus)
This post was originally published on this site
