Bybit’s $1.4B Hack: How North Korean Cybercriminals Used Malware to Evade AWS Security

Bybit’s staggering $1.46 billion cyberattack has officially become the largest cryptocurrency theft in history, according to a new investigation by cybersecurity firm Mandiant. The breach, which occurred on February 4, was reportedly orchestrated by the North Korean hacking group TraderTraitor, leveraging a malware-laced fake stock investment project to infiltrate Bybit’s systems.

The attack began when a Safe{Wallet} developer, known as “Developer1,” unknowingly downloaded a compromised Docker project onto their Mac. This seemingly innocuous project—posing as a stock investment simulator—established communication with a suspicious domain, getstockprice[.]com, leading to the installation of malware. The breach subsequently allowed hackers to hijack active AWS session tokens, bypassing multi-factor authentication (MFA) and gaining unauthorized access to Bybit’s funds.

Mandiant’s investigation indicates that TraderTraitor used social engineering tactics to convince Developer1 to download the malware. The hackers then used the stolen AWS session tokens to reach critical systems: a session token is issued only after a login, including its MFA step, has already succeeded, so whoever holds it is not challenged again. The attack was conducted from VPN-linked IP addresses and with offensive security tools, making it harder to trace the perpetrators.
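Because a stolen session token carries no further MFA prompt, the signal a defender is left with is where the token is used from. The following is an added example, not code from the article, Mandiant or Safe{Wallet}: it scans constructed CloudTrail-style records (real CloudTrail field names, invented values) and flags any temporary credential (access key ids beginning with "ASIA") that is later used from a different source IP than the one it was first seen from.

```python
"""Flag AWS session tokens reused from a second source address (added example)."""
from collections import defaultdict

# Constructed CloudTrail-style events; the third record shows the same
# session token reappearing from a new IP and a new client, the pattern
# of a hijacked token.
SAMPLE_EVENTS = [
    {"eventTime": "2025-02-04T10:01:00Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    {"eventTime": "2025-02-04T10:05:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    {"eventTime": "2025-02-04T10:40:00Z", "eventName": "GetObject",
     "sourceIPAddress": "198.51.100.77", "userAgent": "Boto3/1.34.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    {"eventTime": "2025-02-04T11:00:00Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "203.0.113.22", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE000000002"}},
]


def find_session_reuse(events):
    """Return one finding per temporary credential seen from more than one
    source IP: the key, the IP it was first used from, and every later call
    made with it from elsewhere (time, IP, user agent, API action)."""
    first_seen = {}
    later = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev["userIdentity"].get("accessKeyId", "")
        if not key.startswith("ASIA"):       # only STS session tokens
            continue
        ip, ua = ev["sourceIPAddress"], ev.get("userAgent", "")
        if key not in first_seen:
            first_seen[key] = (ip, ua)
        elif ip != first_seen[key][0]:
            later[key].append((ev["eventTime"], ip, ua, ev["eventName"]))
    return [{"accessKeyId": k, "issued_from": first_seen[k][0], "reused_from": v}
            for k, v in later.items()]


if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_EVENTS):
        print(finding)
```

Users behind changing NAT or mobile addresses will trip this check on their own, so in practice the IP change is paired with a user-agent change or a match against known VPN ranges before it becomes an alert.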

In response to the attack, Safe{Wallet} has taken immediate security measures, resetting its infrastructure and restricting external access. The company has also strengthened its transaction monitoring capabilities in partnership with blockchain security firm Blockaid. Notably, Safe has confirmed that its smart contracts remained unaffected, ensuring that user funds stored in those contracts were not compromised.

Bybit CEO Ben Zhou addressed the breach in an X post, revealing that approximately 77% of the stolen funds remain traceable. However, nearly 20% of the assets have been laundered through crypto mixing services, rendering them untraceable. The use of these obfuscation techniques underscores the sophistication of the attack and the evolving threats facing crypto exchanges.

This unprecedented heist highlights the increasing risks posed by state-sponsored cybercriminals and the need for enhanced security measures within the crypto industry. As investigations continue, the Bybit hack serves as a stark reminder of the vulnerabilities within digital asset platforms and the ongoing battle against cyber threats.
