SafeWallet releases Bybit hack post-mortem report


The SafeWallet team called for continued improvements to user education and user interfaces to combat similar future threats.


The developer of SafeWallet has released a post-mortem report detailing the cybersecurity exploit that led to the $1.4 billion hack against Bybit in February.

According to a forensic analysis conducted by SafeWallet and cybersecurity firm Mandiant, the hacking group hijacked a Safe developer’s Amazon Web Services (AWS) session tokens to bypass the multifactor authentication security measures put in place by the firm.

SafeWallet’s AWS settings required team members to reauthenticate their AWS session tokens every 12 hours, which prompted the hacking group to attempt a breach by registering a multifactor authentication (MFA) device.

Following several failed attempts at registering an MFA device, the threat actors compromised a developer’s macOS system, likely through malware installed on the system, and were able to use the AWS session tokens while the developer’s sessions were active.

Once the hackers gained access, they worked within the Amazon Web Services environment to set up the attack.
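The two signals in this account, repeated failed MFA device registrations and a session token in use alongside the developer's own activity, can be checked in CloudTrail records. The sketch below is an added example, not code from Safe or Mandiant; the sample records, ARN, keys and addresses are constructed, and it assumes a stolen token shows up from a second source address.

```python
from collections import defaultdict

# CloudTrail event names for registering an MFA device on an IAM user.
MFA_REGISTRATION_EVENTS = {"CreateVirtualMFADevice", "EnableMFADevice"}
DEV_ARN = "arn:aws:iam::111122223333:user/dev-example"  # constructed placeholder

def _event(name, source, key, ip, error=None):
    """Build a constructed record with the CloudTrail fields the checks read."""
    rec = {"eventName": name, "eventSource": source, "sourceIPAddress": ip,
           "userIdentity": {"arn": DEV_ARN, "accessKeyId": key}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample data (documentation IP ranges), not data from the incident.
SAMPLE_EVENTS = [
    _event("CreateVirtualMFADevice", "iam.amazonaws.com",
           "AKIAEXAMPLEKEY000001", "203.0.113.50", error="AccessDenied"),
    _event("EnableMFADevice", "iam.amazonaws.com",
           "AKIAEXAMPLEKEY000001", "203.0.113.50", error="AccessDenied"),
    _event("GetCallerIdentity", "sts.amazonaws.com",
           "ASIAEXAMPLESESSION01", "198.51.100.7"),
    _event("ListBuckets", "s3.amazonaws.com",
           "ASIAEXAMPLESESSION01", "203.0.113.50"),
    _event("ListBuckets", "s3.amazonaws.com",
           "ASIAEXAMPLESESSION02", "198.51.100.7"),
]

def failed_mfa_registrations(events, threshold=2):
    """Return {principal ARN: count} where failed MFA registrations >= threshold."""
    counts = defaultdict(int)
    for e in events:
        if (e.get("eventSource") == "iam.amazonaws.com"
                and e.get("eventName") in MFA_REGISTRATION_EVENTS
                and e.get("errorCode")):  # errorCode is present only on failed calls
            counts[e["userIdentity"]["arn"]] += 1
    return {arn: n for arn, n in counts.items() if n >= threshold}

def session_keys_with_multiple_sources(events):
    """Return {temporary access key: sorted source IPs} for keys seen from >1 address."""
    sources = defaultdict(set)
    for e in events:
        key = e.get("userIdentity", {}).get("accessKeyId", "")
        if key.startswith("ASIA"):  # prefix of temporary (STS) credentials
            sources[key].add(e["sourceIPAddress"])
    return {k: sorted(v) for k, v in sources.items() if len(v) > 1}

if __name__ == "__main__":
    print(failed_mfa_registrations(SAMPLE_EVENTS))
    print(session_keys_with_multiple_sources(SAMPLE_EVENTS))
```

Either hit is a triage lead rather than proof of compromise, since VPN changes and roaming laptops also move a session between addresses.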


A timeline of the Safe developer security exploit. Source: Safe

Mandiant’s forensic investigation also confirmed that the hackers were North Korean state actors who took 19 days to prepare and execute the attack.

The latest update reiterated that the cybersecurity exploit did not affect Safe’s smart contracts and added that the Safe development team put additional safeguards in place following what was the biggest hack in crypto history.


FBI puts out an alert as Bybit hackers launder funds

The US Federal Bureau of Investigation (FBI) published an online alert asking node operators to block transactions from wallet addresses linked to the North Korean hackers, which the FBI said would be laundered and converted to fiat currency.


FBI warning about North Korean hackers behind Bybit hack. Source: FBI

Since that time, the Bybit hackers laundered 100% of the stolen crypto, comprising about 500,000 Ether-related tokens, in only 10 days.

On March 4, Bybit CEO Ben Zhou said that about 77% of the funds, valued at about $1.07 billion, are still traceable onchain, while about $280 million have gone dark.

However, Deddy Lavid, CEO of the Cyvers cybersecurity firm, said cybersecurity teams may still be able to trace and freeze some of the stolen funds.
