Last month’s $1.4 billion crypto heist from Bybit was caused by the compromise of a developer’s laptop, according to Safe Wallet.
The Hack Explained
A joint investigation by Safe Wallet and cybersecurity firm Mandiant revealed a sophisticated attack. The hacker gained access by compromising a developer’s laptop and then hijacking AWS session tokens, which allowed them to bypass Bybit’s multi-factor authentication. The developer in question had the high-level access needed for their job. The investigation is ongoing, but Safe Wallet has already improved its security measures.
AWS Session Tokens and the Attack
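AWS session tokens are temporary security credentials used for secure API calls. Because a session token is issued after authentication has already completed, whoever holds it can make API calls as that user until it expires, without being prompted for multi-factor authentication again. By stealing these tokens, the hacker gained temporary, but powerful, access to Bybit’s systems.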
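A defender-side check for the kind of session token reuse described above, as an added example that is not part of the original article or of the Safe Wallet and Mandiant findings. It assumes AWS CloudTrail logging as the data source (the article does not name one); the sample records are constructed and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed CloudTrail-style records; values are made up, not from the incident.
SAMPLE_EVENTS = [
    {"eventTime": "2025-01-01T09:00:00Z", "sourceIPAddress": "198.51.100.10",
     "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLEDEVKEY0001"}},
    # Call made by an AWS service on the user's behalf: a DNS name, not an IP.
    {"eventTime": "2025-01-01T09:05:00Z", "sourceIPAddress": "cloudformation.amazonaws.com",
     "userAgent": "cloudformation.amazonaws.com",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLEDEVKEY0001"}},
    # Long-term key (AKIA prefix): out of scope for this check.
    {"eventTime": "2025-01-01T09:10:00Z", "sourceIPAddress": "192.0.2.5",
     "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLELONGTERM01"}},
    # Same temporary key, different network origin and client.
    {"eventTime": "2025-01-01T09:20:00Z", "sourceIPAddress": "203.0.113.77",
     "userAgent": "Boto3/1.34.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLEDEVKEY0001"}},
    {"eventTime": "2025-01-01T09:30:00Z", "sourceIPAddress": "198.51.100.10",
     "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLEDEVKEY0002"}},
]


def find_reused_sessions(events):
    """Map each temporary access key ID to the uses that came from a different
    source IP than the one that first used that session."""
    first_origin = {}
    findings = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key_id = ev.get("userIdentity", {}).get("accessKeyId", "")
        ip = ev.get("sourceIPAddress", "")
        # STS-issued temporary credentials have access key IDs starting with ASIA.
        if not key_id.startswith("ASIA"):
            continue
        # Skip calls AWS services make on the principal's behalf.
        if ip.endswith(".amazonaws.com"):
            continue
        if ip != first_origin.setdefault(key_id, ip):
            findings[key_id].append((ev["eventTime"], ip, ev.get("userAgent", "")))
    return dict(findings)


if __name__ == "__main__":
    for key_id, uses in find_reused_sessions(SAMPLE_EVENTS).items():
        for when, ip, agent in uses:
            print(f"{key_id} reused from {ip} ({agent}) at {when}")
```

A source IP can also change for legitimate reasons such as a VPN reconnect or a new NAT egress address, so findings are leads to triage, not verdicts.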
The Aftermath and Ongoing Investigation
While the investigation continues to uncover the full extent of the hacker’s actions, Safe Wallet confirms that the FBI has linked the hack to TraderTraitor, a North Korean hacking group. The February hack involved the theft of $1.4 billion in ETH and stETH from Bybit’s Ethereum warm wallet, making it the largest crypto hack ever recorded.
Safe Wallet’s Response
Safe Wallet emphasizes that they’ve already strengthened their security protocols following the incident. The investigation is ongoing, and further details are expected to emerge as the probe continues.