North Korea's Lazarus Group Steals $1.4B in Ether from Bybit

Bybit, a leading cryptocurrency exchange, recently fell victim to a sophisticated hack that resulted in the theft of over $1.4 billion worth of Ether (ETH). The incident, attributed to North Korea's Lazarus Group, was the result of compromised credentials of a Safe(Wallet) developer, according to a series of third-party forensic investigations.

On February 26, Bybit confirmed the findings of forensic reviews conducted by Sygnia and Verichains. The investigations revealed that the attacker gained unauthorized access to the Safe(Wallet) infrastructure by exploiting a compromised developer's credentials. This allowed the attacker to deceive signers into approving a malicious transaction, leading to the theft of the funds.

The attack was traced back to a malicious JavaScript code injected into Safe(Wallet)'s AWS infrastructure. The Safe(Wallet) team promptly responded by adding security measures to eliminate the attack vector. They also fully rebuilt and reconfigured their infrastructure, ensuring that the attack vector was completely eliminated.

The forensic experts and Safe(Wallet) confirmed that Bybit's infrastructure was not compromised in the hack. This incident serves as a stark reminder of the importance of robust security measures in the cryptocurrency industry, which has faced several high-profile security breaches in recent years.