Hackers steal $1.5 billion in crypto from Bybit’s cold wallet


Cyber Security: Understanding the $1.5 Billion Bybit Crypto Theft

In a shocking turn of events, the North Korean hacker group Lazarus managed to steal nearly $1.5 billion in Ethereum tokens from Bybit, a prominent crypto exchange. What made this heist all the more perplexing was the fact that the stolen tokens were stored in cold wallets, meaning they were offline and theoretically safe from cyberattacks. But as it turns out, the hackers employed a clever ruse to deceive Bybit employees, including CEO Ben Zhou, into authorizing fraudulent transactions.

The investigation into this massive theft was spearheaded by crypto sleuth ZachXBT, who unmasked the identity of the perpetrators on the X platform. Subsequently, Arkham Intelligence, a crypto analysis firm, confirmed these findings, shedding light on critical security flaws within the crypto ecosystem. Bybit, along with others, acknowledged the challenges associated with manually verifying transaction legitimacy before giving the green light.

Bybit’s operational model involved storing various cryptocurrencies in cold wallets, with Safe, a specialized cold wallet storage provider, safeguarding ether on the company’s behalf. Periodically, Bybit would transfer funds from cold wallets to warm wallets to facilitate transactions. This process required human intervention to approve and execute transactions, ensuring a balance between security and liquidity.

When transferring funds between cold and warm wallets, Bybit utilized a multi-signatory approach, wherein multiple individuals had to review and endorse a transaction before it could be processed. In the case of the heist, Zhou was slated to be the final signatory on the ill-fated transaction.

The Lazarus Group executed the theft by exploiting vulnerabilities in Bybit’s cold wallet infrastructure, deceiving signatories into approving a seemingly legitimate transaction. This scheme likely involved manipulating transaction details or presenting a sophisticated facade that eluded thorough scrutiny. Observers noted that the hack relied heavily on manipulating human behavior rather than technical vulnerabilities, underscoring the human element in cybersecurity.

Zhou shed light on the incident, attributing the error to a lack of due diligence in verifying the transaction’s details obscured within the smart contract code. While the mechanics of how the hackers orchestrated this elaborate scheme remain unclear, Safe, the cold wallet custodian, asserted the integrity of its transaction signing systems, emphasizing the need for user vigilance.

Post-theft, Lazarus deftly maneuvered the stolen funds through various channels to obfuscate their origins. By publicly listing the wallets and exchanges involved, investigators sought to curtail money laundering attempts. Remarkably, despite the staggering loss, Bybit continued to operate seamlessly, processing transactions with resolute determination.

In the aftermath of this unprecedented breach, experts identified “blind signing” as a critical vulnerability that requires immediate attention. This incident serves as a stark reminder of the evolving threats facing the crypto industry and the imperative of fortifying security measures to safeguard digital assets.
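The "blind signing" weakness described above is a signer approving a human-readable summary without checking the raw payload that will actually be signed. The following is an added illustration, not code from Bybit, Safe or the article, of the kind of pre-signing check a multi-signature approver can run: it compares the raw transaction fields against what the signer was shown and against a simple transfer policy. The address values, the allowlist, the field layout and the digest encoding are all constructed assumptions for the example.

```python
"""Pre-signing verification for a cold-to-warm wallet transfer (illustrative).

Assumptions (not taken from the article): a proposed transaction is
represented by its raw fields (to, value, data, operation); the signer is
shown only a destination and an amount; and the organisation maintains an
allowlist of its own warm-wallet addresses.
"""
import hashlib
from dataclasses import dataclass

# Constructed placeholder addresses standing in for the exchange's warm wallets.
ALLOWED_DESTINATIONS = {"0xWARM_WALLET_A", "0xWARM_WALLET_B"}


@dataclass(frozen=True)
class ProposedTx:
    to: str
    value_wei: int
    data: bytes = b""   # a plain ether transfer carries no calldata
    operation: int = 0  # 0 = ordinary CALL; any other value is non-standard here

    def digest(self) -> str:
        """Canonical digest of exactly the raw fields to be signed, so that two
        signers comparing digests over an independent channel see the same bytes."""
        raw = f"{self.to.lower()}|{self.value_wei}|{self.operation}|".encode() + self.data
        return hashlib.sha256(raw).hexdigest()


def verify_before_signing(tx: ProposedTx, shown_to: str, shown_value_wei: int) -> list[str]:
    """Return a list of findings. An empty list means the raw payload matches the
    summary the signer saw and satisfies the plain-transfer policy; any finding
    should block the signature until a human has explained it."""
    findings = []
    if tx.to.lower() != shown_to.lower():
        findings.append("destination in raw payload differs from the one displayed")
    if tx.value_wei != shown_value_wei:
        findings.append("amount in raw payload differs from the one displayed")
    if tx.to.lower() not in {a.lower() for a in ALLOWED_DESTINATIONS}:
        findings.append("destination is not an allowlisted warm wallet")
    if tx.data:
        findings.append("payload carries calldata; a plain cold-to-warm transfer has none")
    if tx.operation != 0:
        findings.append("non-standard operation type; plain transfers use CALL (0)")
    return findings


if __name__ == "__main__":
    legit = ProposedTx("0xWARM_WALLET_A", 10**18)
    print(legit.digest(), verify_before_signing(legit, "0xWARM_WALLET_A", 10**18))
```

The check is deliberately independent of the signing UI: each signer recomputes the digest and the findings from the raw fields rather than trusting the summary presented to them.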