Source: Cointelegraph
The developers of SafeWallet have released a post-mortem analysis report detailing the cybersecurity vulnerabilities exploited in the $1.4 billion hack of Bybit that occurred in February this year.
According to forensic analysis conducted by SafeWallet and cybersecurity firm Mandiant, the hacker group hijacked an Amazon Web Services (AWS) session token from a developer at Safe, thereby bypassing the multi-factor authentication security measures set by the company.
SafeWallet's AWS setup requires team members to re-authenticate their AWS session tokens every 12 hours, which prompted the hacker group to attempt a breach by registering a multi-factor authentication (MFA) device.
After multiple failed attempts to register an MFA device, the threat actors gained control of the developer's macOS system, likely through malware installed on it, which allowed them to use the AWS session token while the developer's session was active.
Once the hackers gained access, they began preparing for the attack within the Amazon Web Services environment.
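A defender-side illustration of the sequence described above, added here and not taken from the Safe or Mandiant report: it scans CloudTrail-style records for repeated failed MFA device registrations and for a temporary session key used from more than one source IP. The sample records, ARNs, key IDs and IP addresses are constructed placeholders, and the second check assumes the token is replayed from a host other than the developer's own.

```python
from collections import defaultdict

MFA_EVENTS = {"CreateVirtualMFADevice", "EnableMFADevice"}  # IAM API calls

def _ev(name, arn, key, ip, error=None):
    """Build a minimal CloudTrail-style record (constructed sample data)."""
    rec = {"eventName": name, "sourceIPAddress": ip,
           "userIdentity": {"arn": arn, "accessKeyId": key}}
    if error:
        rec["errorCode"] = error
    return rec

ALICE = "arn:aws:sts::111122223333:assumed-role/dev/alice"  # placeholder
BOB = "arn:aws:sts::111122223333:assumed-role/dev/bob"      # placeholder
KEY_A, KEY_B = "ASIAEXAMPLEKEY000001", "ASIAEXAMPLEKEY000002"  # placeholders
SAMPLE_EVENTS = [  # constructed, not taken from the incident
    _ev("GetCallerIdentity", ALICE, KEY_A, "203.0.113.10"),
    _ev("EnableMFADevice", ALICE, KEY_A, "198.51.100.7", "AccessDenied"),
    _ev("EnableMFADevice", ALICE, KEY_A, "198.51.100.7", "AccessDenied"),
    _ev("ListBuckets", BOB, KEY_B, "203.0.113.20"),
    _ev("EnableMFADevice", BOB, KEY_B, "203.0.113.20"),  # succeeded: no errorCode
    _ev("DescribeStacks", BOB, KEY_B, "cloudformation.amazonaws.com"),
]

def failed_mfa_registrations(events, threshold=2):
    """Principals with at least `threshold` failed MFA registration calls."""
    counts = defaultdict(int)
    for e in events:
        if e["eventName"] in MFA_EVENTS and e.get("errorCode"):
            counts[e["userIdentity"]["arn"]] += 1
    return {arn: n for arn, n in counts.items() if n >= threshold}

def session_keys_from_multiple_ips(events):
    """Temporary (ASIA-prefixed) access keys seen from more than one IP."""
    ips = defaultdict(set)
    for e in events:
        key = e["userIdentity"].get("accessKeyId", "")
        src = e["sourceIPAddress"]
        # Calls made by AWS services on a user's behalf carry a service
        # hostname instead of an IP; skip them to avoid false positives.
        if key.startswith("ASIA") and not src.endswith(".amazonaws.com"):
            ips[key].add(src)
    return {k: sorted(v) for k, v in ips.items() if len(v) > 1}

if __name__ == "__main__":
    print("Failed MFA registrations:", failed_mfa_registrations(SAMPLE_EVENTS))
    print("Keys seen from several IPs:", session_keys_from_multiple_ips(SAMPLE_EVENTS))
```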
Timeline of the security exploit involving the Safe developer. Source: Safe
Mandiant's forensic analysis also confirmed that these hackers are North Korean state actors, who spent 19 days preparing and executing this attack.
The latest update reiterates that this exploit did not affect Safe's smart contracts and adds that the Safe development team has taken additional security measures after experiencing the largest hack in cryptocurrency history.
FBI Issues Alert, Bybit Hackers are Laundering Money
The Federal Bureau of Investigation (FBI) has issued an online alert urging node operators to block transactions from wallet addresses associated with North Korean hackers, stating that these funds will be laundered and converted into fiat currency.
FBI warning regarding the North Korean hackers behind the Bybit hack. Source: FBI
Since then, the Bybit hackers have managed to launder 100% of the stolen cryptocurrency in just 10 days, including nearly 500,000 tokens related to Ethereum.
On March 4, Bybit CEO Ben Zhou stated that approximately 77% of the funds (valued at about $1.07 billion) are still traceable on-chain, while about $280 million remains unaccounted for.
However, Deddy Lavid, CEO of cybersecurity firm Cyvers, stated that cybersecurity teams may still be able to track and freeze some of the stolen funds.