An in-depth post-mortem analysis by SafeWallet has clarified how the cyberattack behind the $1.4 billion security breach at Bybit was carried out. Prepared in cooperation with cybersecurity professionals, the report highlights the need to improve digital security systems and describes the advanced strategies used by the attackers.
How the attack occurred
SafeWallet’s research indicates that hackers gained access to Bybit’s systems by means of a Safe developer’s compromised Amazon Web Services (AWS) session tokens. This let them gain unauthorized access while bypassing multifactor authentication (MFA) protections.
The attackers took advantage of AWS settings that required session tokens to be reauthenticated every twelve hours. Having failed to register an MFA device through direct attempts, they turned to a macOS machine owned by a developer, perhaps infecting it with malware. Once inside, they moved through the system undetected, coordinating their attack using the active AWS session tokens.
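A defender-side check for the pattern described above, as an added example that is not taken from SafeWallet's or Mandiant's report: it scans CloudTrail-style records for failed MFA device registrations and for a single temporary session key appearing from more than one network origin. The log lines, key IDs and IP addresses are constructed, and it assumes a replayed token shows up from a different IP address or user agent than the developer's own.

```python
import json
from collections import defaultdict

MFA_EVENTS = {"CreateVirtualMFADevice", "EnableMFADevice"}  # IAM API calls

# Constructed CloudTrail-style records (not incident data); IPs are documentation ranges.
SAMPLE_LOG = """
{"eventTime":"2025-01-01T09:00:00Z","eventName":"ListBuckets","sourceIPAddress":"198.51.100.10","userAgent":"aws-cli/2 macos","userIdentity":{"accessKeyId":"ASIAEXAMPLEDEV000001"}}
{"eventTime":"2025-01-01T09:05:00Z","eventName":"GetObject","sourceIPAddress":"198.51.100.10","userAgent":"aws-cli/2 macos","userIdentity":{"accessKeyId":"ASIAEXAMPLEDEV000001"}}
{"eventTime":"2025-01-01T11:30:00Z","eventName":"CreateVirtualMFADevice","errorCode":"AccessDenied","sourceIPAddress":"203.0.113.77","userAgent":"Boto3/1.34 linux","userIdentity":{"accessKeyId":"ASIAEXAMPLEDEV000001"}}
{"eventTime":"2025-01-01T11:45:00Z","eventName":"PutObject","sourceIPAddress":"203.0.113.77","userAgent":"Boto3/1.34 linux","userIdentity":{"accessKeyId":"ASIAEXAMPLEDEV000001"}}
{"eventTime":"2025-01-01T12:00:00Z","eventName":"ListBuckets","sourceIPAddress":"192.0.2.5","userAgent":"aws-cli/2 linux","userIdentity":{"accessKeyId":"ASIAEXAMPLEOPS000002"}}
"""

def parse(log_text):
    """One JSON record per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def failed_mfa_registrations(events):
    """MFA device registration calls that were recorded with an error code."""
    return [e for e in events if e["eventName"] in MFA_EVENTS and e.get("errorCode")]

def sessions_with_new_origin(events):
    """Temporary keys (ASIA prefix) seen from more than one (IP, user agent) pair."""
    origins = defaultdict(list)
    for e in sorted(events, key=lambda e: e["eventTime"]):
        key = e["userIdentity"].get("accessKeyId", "")
        origin = (e["sourceIPAddress"], e["userAgent"])
        if key.startswith("ASIA") and origin not in origins[key]:
            origins[key].append(origin)
    return {k: v for k, v in origins.items() if len(v) > 1}

def triage(log_text):
    events = parse(log_text)
    return {"failed_mfa": failed_mfa_registrations(events),
            "moved_sessions": sessions_with_new_origin(events)}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["failed_mfa"]:
        print("failed MFA registration:", e["eventTime"], e["sourceIPAddress"])
    for key, seen in report["moved_sessions"].items():
        print("session key used from several origins:", key, seen)
```
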
Hackers Identified as North Korean
Mandiant, a cybersecurity company, conducted a forensic investigation that verified the offenders were state-sponsored North Korean hackers. According to the report, the attackers carefully prepared the attack over nineteen days before it started.
SafeWallet gave assurances that its smart contracts remained secure even after the hack. Following the incident, the company has implemented additional security measures to prevent similar attacks in the future.
The FBI issues a warning as laundering efforts escalate.
In response to the attack, the U.S. Federal Bureau of Investigation (FBI) issued an alert, urging node operators to block transactions from wallets associated with the hackers. The agency warned that the stolen funds were being laundered and converted into fiat currency.
Strengthening Security in the Crypto Space
Cybersecurity experts continue to analyze the attack and explore possible ways to recover the stolen assets. Despite the rapid laundering process, specialists believe there may still be opportunities to track and freeze portions of the funds.
SafeWallet’s findings highlight the urgent need for stronger security measures within cloud-based environments. As cyber threats in the crypto sector escalate, the report serves as a wake-up call for companies to enhance their defenses against increasingly sophisticated attacks.
