Content Warning

Rocky crypto markets have not exactly been steadied by a new theft from a crypto exchange that dwarfs other previous hacks. North Korea has added another $1.5 billion to its stash of stolen crypto — more than all of their (also substantial) thefts last year combined.

#crypto #cryptocurrency

Adding to pre-existing market jitters, the crypto world has just experienced a new record-shattering hack of the cryptocurrency exchange Bybit. Bybit is less known in the United States, as it is not permitted to serve US customers, which is probably why this hack has not earned the media attention of some of the other major industry disasters. However, Bybit is the second-largest exchange globally, ahead of Coinbase and behind Binance. On February 21, attackers stole more than 400,000 ETH (priced at around $1.5 billion[a]) from one of the company’s so-called “cold wallets”. Cold wallets are crypto wallets that are not routinely connected to the internet, making them less vulnerable to thefts. As a result, crypto exchanges often store substantial quantities of assets in cold wallets, transferring smaller amounts as needed to online “hot wallets” to satisfy withdrawals and purchases. However, any time these transfers happen, there’s some degree of vulnerability, and that’s what North Korea’s state-sponsored Lazarus cybercriminals were able to exploit.[7] They were able to manipulate the Safe Wallet multisignature system used by Bybit to authorize transfers from the cold wallet to the company’s hot wallet, and when the Bybit employees signed off on what they thought was a routine transfer, the wallet was drained. Bybit and Safe are now pointing fingers at one another, with Bybit claiming that Safe’s infrastructure was compromised, allowing an attacker to manipulate the transaction s

The Lazarus group is an extremely sophisticated cybercrime group that has been responsible for many of the chart-topping attacks in the crypto world, including the previously record-breaking thefts of $625 million from the Axie Infinity game in March 2022 [W3IGG], and the $300 million and $235 million hacks of the exchanges DMM [W3IGG] and WazirX [W3IGG] in May and July 2024. Their expertise means that they know how best to launder the stolen funds without causing serious impacts to the ETH price or risking the funds being frozen by exchanges and other centralized entities, and they have successfully laundered more than half of the stolen assets thus far by swapping them across various chains and into different crypto assets.[9] While a substantial $43 million in stolen assets was frozen and recovered by the mETH Protocol, as was around $181,000 in Tether, that amounts to less than 3% of the total.[10]

To put this theft in perspective, the $1.5 billion stolen from Bybit alone surpasses the North Korean cyberattackers’ entire 2024 profits from crypto heists: around $1.34 billion from across 47 separate attacks throughout 2024. It’s more than double what they stole the year prior.[11] According to the United Nations and the US government, these thefts have been a substantial source of funding for the country’s nuclear and ballistic missile programs.[12][13]
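The failure described above is that the signers approved a transfer based on what their interface displayed, while the payload they actually signed did something else. The defence is a signer-side check that re-derives the transaction's meaning from the raw fields rather than trusting the front end's rendering, and holds a routine cold-to-hot sweep to a fixed policy. The Python below is an added example, not code from the original post or from Bybit or Safe. It assumes a simplified `SafeTx` model mirroring the core fields of Safe's `execTransaction` (`to`, `value`, `data`, `operation`, `nonce`; the gas and refund fields are omitted), and uses constructed addresses, a constructed allowlist and a constructed value cap. The policy items (plain CALL only, allowlisted destination, empty calldata, capped value, expected nonce) are general multisig hygiene, not a claim about which of them the Bybit transaction violated.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Operation codes as used by Safe's execTransaction: 0 = CALL, 1 = DELEGATECALL.
# A DELEGATECALL runs foreign code in the wallet's own storage context, which a
# routine asset transfer never needs.
CALL = 0
DELEGATECALL = 1


@dataclass(frozen=True)
class SafeTx:
    """Simplified model of what a Safe owner signs (assumption: gas/refund fields
    of the real SafeTx struct are omitted)."""
    to: str
    value: int          # in wei
    data: bytes         # calldata; empty for a plain native-asset transfer
    operation: int      # CALL or DELEGATECALL
    nonce: int


@dataclass(frozen=True)
class DisplayedSummary:
    """What the signing user interface claims the transaction does."""
    to: str
    value: int
    operation: int


# Constructed sample values for the example; not real addresses.
HOT_WALLET = "0x" + "11" * 20
UNEXPECTED_CONTRACT = "0x" + "22" * 20
HOT_WALLET_ALLOWLIST: Set[str] = {HOT_WALLET.lower()}
MAX_SWEEP_WEI = 10_000 * 10**18   # constructed policy cap: 10,000 ETH per signed transfer


def _norm(addr: str) -> str:
    """Lower-case a 20-byte hex address and reject anything malformed."""
    a = addr.lower()
    if not (a.startswith("0x") and len(a) == 42):
        raise ValueError(f"malformed address: {addr!r}")
    int(a[2:], 16)  # raises ValueError on non-hex characters
    return a


def verify_sweep(tx: SafeTx, shown: DisplayedSummary,
                 expected_nonce: Optional[int] = None,
                 allowlist: Set[str] = HOT_WALLET_ALLOWLIST,
                 cap: int = MAX_SWEEP_WEI) -> List[str]:
    """Return the reasons not to sign; an empty list means the raw payload matches
    what was displayed and satisfies the cold-to-hot sweep policy."""
    problems: List[str] = []
    # 1. Compare the raw fields against the display, independently of the front end.
    if _norm(tx.to) != _norm(shown.to):
        problems.append("destination in signed payload differs from displayed destination")
    if tx.value != shown.value:
        problems.append("value in signed payload differs from displayed value")
    if tx.operation != shown.operation:
        problems.append("operation in signed payload differs from displayed operation")
    # 2. Apply the fixed policy for a routine transfer out of cold storage.
    if tx.operation != CALL:
        problems.append("operation is DELEGATECALL; a plain transfer never needs it")
    if _norm(tx.to) not in allowlist:
        problems.append("destination is not an allowlisted hot wallet")
    if tx.data:
        problems.append("calldata is non-empty; a native-asset sweep carries none")
    if tx.value > cap:
        problems.append("value exceeds the per-transfer cap")
    if expected_nonce is not None and tx.nonce != expected_nonce:
        problems.append("nonce does not match the Safe's next expected nonce")
    return problems


def safe_to_sign(tx: SafeTx, shown: DisplayedSummary,
                 expected_nonce: Optional[int] = None) -> bool:
    """True only when every check in verify_sweep passes."""
    return not verify_sweep(tx, shown, expected_nonce)


def demo():
    """Run the check on a routine sweep and on a payload that does not match
    the summary shown to the signer (both constructed)."""
    shown = DisplayedSummary(to=HOT_WALLET, value=5_000 * 10**18, operation=CALL)
    routine = SafeTx(to=HOT_WALLET, value=5_000 * 10**18, data=b"",
                     operation=CALL, nonce=42)
    # Same summary on screen, but the payload offered for signature points at a
    # different contract, carries calldata and asks for a DELEGATECALL.
    mismatched = SafeTx(to=UNEXPECTED_CONTRACT, value=0, data=bytes.fromhex("deadbeef"),
                        operation=DELEGATECALL, nonce=42)
    return verify_sweep(routine, shown, 42), verify_sweep(mismatched, shown, 42)


if __name__ == "__main__":
    ok, bad = demo()
    print("routine sweep:", ok or "no problems")
    for p in bad:
        print("mismatched payload:", p)
```

The point of the design is that the signer (or a hardware device or a second, independently built tool) recomputes the meaning of the transaction from the fields it is about to sign, so a compromised front end can only lie about the summary, not about what gets checked.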