Summary: Last week, North Korea’s Lazarus hacking group executed a sophisticated $1.4 billion heist on Bybit’s Ethereum cold wallet through a combination of social engineering, stolen AWS session tokens, and a manipulated JavaScript file. Forensics from Mandiant revealed that the attackers compromised a developer’s workstation using a malicious Docker project, which gave them extensive access to the system. In response, Bybit has enacted multiple security measures and launched a bug bounty program to recover the stolen funds.
Affected: Bybit Cryptocurrency Exchange
Keypoints:
- Multi-pronged attack involved social engineering and MFA bypasses.
- Attacker exploited a developer’s workstation via a malicious Docker project.
- Bybit is implementing extensive security measures and offering a bug bounty program.
- FBI links the hack to North Korea’s TraderTraitor group, which is known for attacking blockchain companies.