Graham Cluley@Graham Cluley
//
Noah Urban, a 20-year-old from Palm Coast, Florida, has pleaded guilty to charges related to cryptocurrency thefts, conspiracy, wire fraud, and identity theft. Urban, known online as "King Bob," was a key member of the notorious Scattered Spider hacking gang. The charges stem from two federal cases, one in Florida and another in California. Urban's activities involved orchestrating sophisticated attacks, including SIM swapping, to steal hundreds of thousands of dollars in cryptocurrency from investors. He was arrested in January 2024, and during the raid, he reportedly attempted to wipe his computer and social media history in an effort to destroy evidence.
The cybercriminal's operations involved stealing victims' personal information and using it to hijack their phone numbers through SIM swap fraud. This allowed Urban and his accomplices to bypass two-factor authentication and gain unauthorized access to cryptocurrency wallets. They then transferred the cryptocurrency to their own accounts, netting significant profits. Urban's activities also extended to leaking songs from famous music artists after breaking into the accounts of music industry executives, disrupting planned album releases and causing financial and emotional strain on the artists involved.
As part of his plea agreement, Urban has agreed to forfeit his jewelry, currency, and cryptocurrency assets. He will also pay US $13 million in restitution to 59 victims. Urban is expected to be sentenced within the next 75 days. He faces a potentially long prison term, which will include an additional two-year sentence for aggravated identity theft, as it cannot be served concurrently with other charges. Other suspected members of the Scattered Spider gang remain under investigation, highlighting the ongoing efforts to combat this cybercriminal syndicate.
Recommended read:
References :
- bsky.app: Wild details here from a Scattered Spider hacker who pleaded guilty last week. Noah Urban from Florida was known online as 'King Bob' (yes from the Minions movie) and was making insane money from his hacking gang from the age of just 17...
- DataBreaches.Net: A 20-year-old Palm Coast man linked to a massive cybercriminal gang pleaded guilty in a Jacksonville federal courtroom Friday morning to charges including conspiracy and wire fraud.
- Cyber Security News: Noah Michael Urban, a 20-year-old Palm Coast resident known online as “King Bob,†pleaded guilty on April 7, 2025, to charges related to an extensive cryptocurrency theft operation.
- securityaffairs.com: Noah Urban, a 20-year-old from Palm Coast, pleaded guilty to conspiracy, wire fraud, and identity theft in two federal cases, one in Florida and another in California.
- www.bitdefender.com: Noah Urban, a 20-year-old man linked to the Scattered Spider hacking gang, pleaded guilty to charges related to cryptocurrency thefts.
- cyberpress.org: A 20-year-old Palm Coast resident known online as “King Bob,” pleaded guilty on April 7, 2025, to charges related to an extensive cryptocurrency theft operation.
- Cyber Security News: A 20-year-old Florida man identified as a key member of the notorious "Scattered Spider" cybercriminal collective has pleaded guilty to orchestrating sophisticated ransomware attacks and cryptocurrency theft schemes targeting major corporations.
- The Register - Security: Alleged Scattered Spider SIM-swapper must pay back $13.2M to 59 victims
- gbhackers.com: A 20-year-old Noah Urban, a resident of Palm Coast, Florida, pleaded guilty to a series of federal charges in a Jacksonville courtroom.
- www.404media.co: Wild details here from a Scattered Spider hacker who pleaded guilty last week.
- www.scworld.com: Scattered Spider persists with use of Spectre RAT, new phishing kit
info@thehackernews.com (The@The Hacker News
//
A new phishing campaign called 'PoisonSeed' has emerged, posing a significant cybersecurity threat by targeting customer relationship management (CRM) platforms and bulk email service providers. The campaign leverages compromised credentials to distribute emails containing cryptocurrency seed phrases, aiming to drain victims' digital wallets. This activity forms part of a broader supply chain attack, impacting enterprise organizations and individuals outside the cryptocurrency industry, with crypto companies like Coinbase and Ledger and bulk email providers such as Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho among the targeted companies.
PoisonSeed's method involves creating convincing phishing pages mimicking login portals for popular CRM and email platforms. These deceptive pages trick victims into revealing their credentials, after which the attackers automate the export of email lists and create API keys for persistent access. Compromised accounts are then used to send bulk phishing emails with urgent lures, such as fake wallet migration notices, urging recipients to set up new cryptocurrency wallets using a provided seed phrase. If entered, this seed phrase allows attackers to access the wallet and steal funds, initiating a cryptocurrency seed phrase poisoning attack.
Silent Push analysts have identified an extensive list of Indicators of Compromise (IoCs) associated with PoisonSeed's infrastructure, including phishing domains like mailchimp-sso[.]com and C2 Servers with IP addresses such as 212.224.88[.]188. While PoisonSeed shares some tactics with known groups like Scattered Spider and CryptoChameleon, it's considered a distinct entity with a focus on cryptocurrency theft rather than ransomware attacks. This malicious campaign exploits CRM credentials to spread cryptocurrency seed phrase attacks, placing many wallets at risk of compromise.
Recommended read:
References :
- Cyber Security News: The campaign targets individuals and organizations outside the cryptocurrency industry.
- gbhackers.com: PoisonSeed uses advanced phishing techniques.
- www.bleepingcomputer.com: Threat actors are leveraging compromised credentials.
- securityonline.info: SecurityOnline.info - PoisonSeed Campaign: Uncovering a Web of Cryptocurrency and Email Provider Attacks
- The DefendOps Diaries: Understanding the PoisonSeed Phishing Campaign: A New Cyber Threat
- The Hacker News: PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
- securityaffairs.com: PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets
- The Hacker News: PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
- ciso2ciso.com: PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets – Source: securityaffairs.com
- ciso2ciso.com: PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets – Source: securityaffairs.com
- Cyber Security News: A new phishing campaign, PoisonSeed, has been targeting CRM and email providers to obtain email lists for bulk cryptocurrency spamming.
- securityonline.info: Threat actors target email providers to provide infrastructure for cryptocurrency spam operations.
- Security Risk Advisors: PoisonSeed Actors Hijack Bulk Email Services to Execute Cryptocurrency Seed Phrase Attacks
info@thehackernews.com (The@The Hacker News
//
The PoisonSeed phishing campaign represents a new and evolving cyber threat, targeting individuals with access to critical systems like Customer Relationship Management (CRM) platforms and bulk email services. This large-scale operation compromises corporate email marketing accounts to distribute emails containing crypto seed phrases, ultimately used to drain cryptocurrency wallets. Attackers focus on high-value targets, employing detailed reconnaissance to ensure their phishing emails reach the most impactful individuals. By mimicking legitimate services through carefully crafted emails and fake login pages, PoisonSeed exemplifies the evolving nature of phishing threats, deceiving victims into believing they are from legitimate sources.
PoisonSeed's attack methodology is distinguished by its sophisticated approach, targeting individuals with access to CRM systems and bulk email platforms. The first stage involves meticulous target identification, focusing on those with access to CRM systems and bulk email platforms, as these targets provide significant leverage for further attacks. The reconnaissance process includes analyzing the email services used by companies and identifying employees in relevant positions. Once targets are identified, the attackers craft professional phishing emails designed to deceive recipients, sending them from spoofed addresses to enhance their authenticity, often containing links to fake login pages hosted on carefully named domains.
The phishing pages deployed by PoisonSeed are designed to capture sensitive information, particularly cryptocurrency wallet seed phrases. Victims are tricked into entering attacker-provided seed phrases while setting up new cryptocurrency wallets, allowing the attackers to monitor and eventually take control of these wallets once funds are deposited. Compromised accounts are then used to send bulk phishing emails, employing urgent lures, such as notifications about "restricted sending privileges" or fake wallet migration notices. Domains such as mail-chimpservices[.]com have been used to deceive MailChimp users, showcasing the campaign's attention to detail.
Recommended read:
References :
- The DefendOps Diaries: Understanding the PoisonSeed Phishing Campaign: A New Cyber Threat
- www.bleepingcomputer.com: PoisonSeed phishing campaign distributing emails with wallet seed phrases.
- bsky.app: PoisonSeed phishing campaign behind emails with wallet seed phrases
- Cyber Security News: PoisonSeed Launches Supply Chain Phishing Attacks on CRM and Bulk Email Services
- gbhackers.com: PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
- securityonline.info: PoisonSeed Campaign: Uncovering a Web of Cryptocurrency and Email Provider Attacks
- The Hacker News: PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
- securityaffairs.com: PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets
- securityonline.info: Silent Push Threat Analysts have uncovered a sophisticated campaign targeting enterprise organizations, VIP individuals, and cryptocurrency holders, dubbed “PoisonSeed.â€
- ciso2ciso.com: PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets – Source: securityaffairs.com
- www.silentpush.com: Silent Push blog about PoisonSeed campaign.
- The Hacker News: PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
- Security Risk Advisors: #PoisonSeed campaign compromises email providers to launch crypto seed phrase poisoning attacks. Targets include #Mailchimp #SendGrid and #Coinbase users.
do son@securityonline.info
//
A new "ClickFake Interview" campaign, attributed to the Lazarus Group, is targeting professionals in the cryptocurrency sector with fraudulent job offers. Security researchers at Sekoia discovered the operation, revealing that threat actors impersonate recruiters on platforms like LinkedIn and X (formerly Twitter) to lure victims into fake job interviews. These interviews are designed to trick candidates into opening malicious documents or clicking on compromised links, ultimately leading to malware infection and potential data theft.
The malware, dubbed "ClickFix" or sometimes distributed through the GolangGhost backdoor, grants attackers remote access to compromised systems. This allows the Lazarus Group to steal sensitive information, including cryptocurrency wallet credentials, execute arbitrary commands, and maintain persistent access. Sekoia warns that this campaign reflects a new Lazarus strategy targeting cryptocurrency industry employees, even those with limited technical expertise, making them less likely to detect malicious activity during the interview process. Professionals are advised to verify recruiter identities, avoid downloading files from unknown sources, and utilize endpoint protection to mitigate risks.
Recommended read:
References :
- : New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers
- www.scworld.com: ClickFix technique leveraged in new crypto-targeted Lazarus attacks
- Virus Bulletin: Sekoya researchers discovered a ClickFake Interview campaign targeting job seekers with fake job interview websites. The infrastructure aligns with technical indicators linked to the Contagious Interview campaign and delivers GolangGhost backdoor for Windows & macOS
- Security Risk Advisors: Lazarus Uses “ClickFake Interview� to Distribute Backdoors via Fake Crypto Job Websites
- The Hacker News: Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
do son@securityonline.info
//
Cybersecurity analysts have uncovered a sophisticated campaign exploiting a fake Zoom installer to deliver BlackSuit ransomware across Windows-based systems. The attack, beginning with a malicious download from a website mimicking the teleconferencing application Zoom, lures unsuspecting victims into installing malware capable of crippling entire networks. When the victim clicked the “Download” button, they unknowingly triggered a chain reaction of events.
The fake installer, crafted with Inno Setup, hides the d3f@ckloader, a Pascal-based loader. After gaining initial access, the attackers deploy Brute Ratel and Cobalt Strike for lateral movement, using QDoor to facilitate RDP access. After 9 days, they deploy the BlackSuit ransomware across the network, deleting Volume Shadow Copies to hinder data recovery efforts before encrypting files and dropping ransom notes. The attackers also used WinRAR to compress file share data and uploaded the archives to Bublup, a cloud storage service for data exfiltration.
Recommended read:
References :
- bsky.app: The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi).
- BleepingComputer: North Korean hackers adopt ClickFix attacks to target crypto firms
- Cyber Security News: Hackers Exploit Zoom Installer to Gain RDP Access and Launch BlackSuit Ransomware Attack
- gbhackers.com: Beware! A Fake Zoom Installer Drops BlackSuit Ransomware on Your Windows Systems
- Virus Bulletin: The DFIR Report researchers look into a fake Zoom installer that used d3f@ckloader & IDAT loader to drop SectopRAT, which dropped Cobalt Strike & Brute Ratel after 9 days. For later movement the threat actor used QDoor & finally deployed BlackSuit ransomware.
- Osint10x: Fake Zoom Ends in BlackSuit Ransomware
- securityonline.info: Fake Zoom, Real Ransom: Nine-Day Malware Intrusion Ends with BlackSuit Ransomware Blast
- bsky.app: Lazarus adopts ClickFix technique.
- : New “ClickFake Interview†campaign attributed to the Lazarus Group targets crypto professionals with fake job offers
- BleepingComputer: Report of the Lazarus Group adopting the ClickFix technique for malware deployment.
Lawrence Abrams@BleepingComputer
//
A large-scale Coinbase phishing attack is underway, targeting users with a sophisticated scam disguised as a mandatory wallet migration. The attackers trick recipients into setting up a new wallet using a pre-generated recovery phrase, effectively gaining control of any funds transferred into it. The phishing emails falsely claim that Coinbase is transitioning to self-custodial wallets due to a court order, creating a sense of urgency and legitimacy. This manipulation of emotions and perceived authority is a common tactic in phishing scams.
The emails stand out because they lack traditional phishing links, instead directing users to legitimate Coinbase pages to build trust. The core mechanism involves providing a pre-generated recovery phrase, exploiting the user's potential misunderstanding of recovery phrases. By convincing users to set up their new Coinbase Wallet with this phrase, attackers gain full access to the wallet.
Recommended read:
References :
- The DefendOps Diaries: The Evolving Threat of Phishing Scams: A Case Study on Coinbase Users
- www.bleepingcomputer.com: Coinbase phishing email tricks users with fake wallet migration
- The420.in: Coinbase Users Targeted in Sophisticated Phishing Scam Posing as Wallet Migration
Lorenzo Franceschi-Bicchierai@techcrunch.com
//
The U.S. Secret Service, in collaboration with international law enforcement agencies, has seized the domain of the Russian cryptocurrency exchange Garantex. This action was part of an ongoing investigation and involved agencies such as the Department of Justice's Criminal Division, the FBI, Europol, the Dutch National Police, the German Federal Criminal Police Office, the Frankfurt General Prosecutor's Office, the Finnish National Bureau of Investigation, and the Estonian National Criminal Police. The Secret Service confirmed the seizure of website domains associated with Garantex's administration and operation.
The seizure warrant was obtained by the US Attorney's Office for the Eastern District of Virginia. Garantex had previously been sanctioned by the U.S. in April 2022, due to its association with illicit activities. Authorities have linked over $100 million in transactions on the exchange to criminal enterprises and dark web markets, including substantial sums connected to the Conti ransomware gang and the Hydra online drug marketplace.
Recommended read:
References :
- bsky.app: The US Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol.
- The Register - Security: International cops seize ransomware crooks' favorite Russian crypto exchange
- infosec.exchange: UPDATE: Secret Service spokesperson told us that it "has seized website domains associated with the administration and operation of Russian cryptocurrency exchange, Garantex as part of an ongoing investigation."
- Zack Whittaker: NEW: Russian crypto exchange Garantex has been seized by the U.S. Secret Service during an international law enforcement operation. FBI declined to comment; Secret Service didn't respond, but Garantex's domain is now pointing to nameservers run by the Secret Service. More from :
- securityaffairs.com: International law enforcement operation seized the domain of the Russian crypto exchange Garantex
- The Register - Security: Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures
- infosec.exchange: NEW: The U.S. government has accused two administrators of Russian crypto exchange Garantex of facilitating money laundering for terrorists and cybercriminals. Aleksej Besciokov and Aleksandr Mira Serda allegedly knew they were helping ransomware hackers as well as DPRK's Lazarus Group. Besciokov is also accused of conspiracy to violate U.S. sanctions.
- The Hacker News: U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
- infosec.exchange: NEW: U.S. Secret Service and other international law enforcement agencies have seized the website of Russian crypto exchange Garantex. Garantex had previously been sanctioned by the U.S. government for being associated with ransomware gangs like Conti and darknet markets, as well as by the European Union for ties to sanctioned Russian banks.
- The DefendOps Diaries: International Collaboration in the Takedown of Garantex
- Threats | CyberScoop: The Department of Justice also indicted two men tied to the exchange.
- BleepingComputer: The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions.
- techcrunch.com: US charges admins of Garantex for allegedly facilitating crypto money laundering for terrorists and hackers
- Metacurity: Law enforcement took down hacker-friendly Russian crypto exchange Garantex
- www.scworld.com: Global law enforcement crackdown hits Russian crypto exchange Garantex
- securityonline.info: Secret Service-Led Operation Seizes Garantex Cryptocurrency Exchange
- techcrunch.com: Russian crypto exchange Garantex seized by law enforcement operation
- Jon Greig: US officials charged Aleksej Besciokov and Aleksandr Mira Serda on Friday for their roles at Garantex They also made copies of Garantex’s customer and accounting databases before servers were seized by German and Finnish officials
- infosec.exchange: NEW: After authorities took down the domains of Russian crypto exchange's Garantex, and charged two of its administrators for facilitating money laundering, the company is now inviting customers for “face-to-face meetings� at its headquarters. 🤔
- hackread.com: Garantex Crypto Exchange Seized, Two Charged in Laundering Scheme
- techcrunch.com: Following takedown operation, Garantex invites customers to ‘face-to-face’ Moscow meeting
- BrianKrebs: Scoop: Alleged Co-Founder of sanctioned cryptocurrency exchange Garantex arrested in India. Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
- krebsonsecurity.com: Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
- Security | TechRepublic: Long Arm of the Law Comes for Russian Crypto: Why Secret Service Seized Garantex
- BleepingComputer: Garantex crypto exchange admin arrested while on vacation
- Chainalysis: International Action Dismantles Notorious Russian Crypto Exchange Garantex
- The DefendOps Diaries: International Crackdown on Garantex: Implications for the Crypto Industry
Ojukwu Emmanuel@Tekedia
//
The Bybit cryptocurrency exchange has reportedly suffered a massive security breach, with hackers allegedly linked to North Korea making off with $1.4 billion in Ethereum. This incident is being called potentially the largest crypto theft in history. Experts from multiple blockchain security companies have confirmed that the stolen Ethereum has already been moved to new addresses, marking the initial phase of money laundering.
Ari Redbord, a former federal prosecutor and senior Treasury official, highlighted the "unprecedented level of operational efficiency" displayed by the hackers in rapidly laundering the stolen funds. He suggested that North Korea might have expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to process illicit funds. The FBI has also linked North Korea-linked TraderTraitor as responsible for the $1.5 Billion Bybit hack
Recommended read:
References :
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine.
- Secure Bulletin: The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has once again demonstrated its sophistication and audacity with a staggering $1.5 billion cryptocurrency heist targeting Bybit, a major crypto exchange.
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- infosec.exchange: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- SecureWorld News: Bybit Hack: FBI Attributes to North Korea, Urges Crypto Sector to Act
- The Register - Security: FBI officially fingers North Korea for $1.5B Bybit crypto-burglary
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- Zack Whittaker: your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- www.cysecurity.news: Bybit Suffers Historic $1.5 Billion Crypto Hack, Lazarus Group Implicated
- infosec.exchange: NEW: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion. Ari Redbord, former federal prosecutor and senior Treasury official, told me this laundering shows “unprecedented level of operational efficiency,� but there's more steps they need to take to cash out. “This rapid laundering suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds,� said Redbord.
- The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
- The Record: A provincial court in Barcelona has ordered that three former senior executives at NSO Group be indicted for their alleged role in a high-profile hacking scandal in which at least 63 Catalan civil society members were targeted with the company’s surveillance technology
- Know Your Adversary: News item discussing the massive Bybit crypto theft, potentially the largest in history.
- Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit
- The Hacker News: Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Ojukwu Emmanuel@Tekedia
//
On February 21, 2025, the cryptocurrency exchange Bybit suffered a massive security breach resulting in the theft of approximately $1.46 billion in crypto assets. Investigations have pointed towards the Lazarus Group, a North Korean state-sponsored hacking collective, as the perpetrators behind the audacious heist. The FBI has officially accused the Lazarus Group of stealing $1.5 billion in Ethereum and has requested assistance in tracking down the stolen funds.
Bybit has declared war on the Lazarus Group following the incident and is offering a $140 million bounty for information leading to the recovery of the stolen cryptocurrency. CEO Ben Zhou has launched Lazarusbounty.com, a bounty site aiming for transparency on the Lazarus Group's money laundering activities. The attack involved exploiting vulnerabilities in a multisig wallet platform, Safe{Wallet}, by compromising a developer’s machine, enabling the transfer of over 400,000 ETH and stETH (worth over $1.5 billion) to an address under their control.
Recommended read:
References :
- The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
- Secure Bulletin: The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has once again demonstrated its sophistication and audacity with a staggering $1.5 billion cryptocurrency heist targeting Bybit, a major crypto exchange.
- SecureWorld News: On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 billion in crypto assets.
- Tekedia: Bybit, a leading crypto exchange, has declared war on “notorious� Lazarus group, a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. This is coming after the crypto exchange experienced a security breach resulting in the unauthorized transfer of over $1.4 billion in liquid-staked crypto assets.
- ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
- iHLS: Largest-Ever Crypto Heist steals $1.4 Billion
- techcrunch.com: The FBI said the North Korean government is ‘responsible’ for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
- PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist. The FBI has the $1.4 billion cryptocurrency at Bybit to North Korean state-sponsored hackers after security researchers reached the same conclusion.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- thehackernews.com: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- www.pcmag.com: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- SecureWorld News: FBI Attributes Bybit Hack: FBI Attributes to North Korea, Urges Crypto Sector to Act
- Dan Goodin: InfoSec Exchange Post on the FBI attribution to the Lazarus group and Bybit hack
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Wallarm: Lab Wallarm discusses how Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- securityaffairs.com: FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
- Cybercrime Magazine: Bybit Suffers Largest Crypto Hack In History
- www.cnbc.com: Details on the attack in a news article
- The Register - Security: Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stoled more than $1.4 billion in Ethereum from the crypto exchange.
- www.cysecurity.news: Bybit Suffers Historic $1.5 Billion Crypto Hack, Lazarus Group Implicated
- infosec.exchange: Bybit, that major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
- BleepingComputer: Bybit, a major cryptocurrency exchange, has fallen victim to a massive cyberattack, with approximately $1.5 billion in cryptocurrency stolen. The breach is believed to be the largest single theft in crypto history.
- Taggart :donor:: Cryptocurrency exchange Bybit suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack compromised the exchange's cold wallet and involved sophisticated techniques to steal the funds.
- www.cysecurity.news: CySecurity News report on the Bybit hack, its implications, and the potential Lazarus Group connection.
- The420.in: The 420 report on Bybit theft
- infosec.exchange: Details of the Bybit hack and Lazarus Group's involvement.
- Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- Zack Whittaker: Grab some coffee — your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- infosec.exchange: Infosec Exchange post about Bybit crypto heist.
- The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
- infosec.exchange: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion.
- Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit
Oluwapelumi Adejumo@CryptoSlate
//
The FBI has officially attributed the massive $1.4 billion Ethereum theft from the Bybit crypto exchange to the North Korean Lazarus Group. This determination follows accusations from security researchers and firms, solidifying suspicions surrounding the notorious state-sponsored hacking collective. The incident is considered the largest crypto theft in history, underscoring the increasing sophistication of cyber threats targeting digital assets.
The Lazarus Group's attack involved compromising a developer's machine associated with Safe Wallet, a multisig wallet platform. By injecting malicious code into a JavaScript file, the attackers manipulated a planned transfer of funds from Bybit's cold wallet to its hot wallet. This allowed them to redirect over 400,000 ETH and stETH, worth approximately $1.5 billion, to an address under their control. The attack exploited vulnerabilities in Bybit's cold wallet management and multi-signature approval systems, highlighting the need for robust cybersecurity measures within the digital asset space.
Recommended read:
References :
- blog.checkpoint.com: Check Point Research Explains What the Bybit Hack Means.
- securityaffairs.com: Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
- www.the420.in: Largest cryptocurrency heist ever: Bybit Loses Rs 12,000+ Crore.
- Talkback Resources: Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
- The420.in: On Friday, cryptocurrency exchange Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets from one of its offline Ethereum wallets—the largest crypto heist on record.
- Check Point Blog: Executive Summary: In one of the largest thefts in digital asset history, hackers gained access to an offline Ethereum wallet and stole $1.5 billion worth of digital assets, primarily consisting of Ethereum tokens.
- BleepingComputer: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- billatnapier.medium.com: One of the Largest Hacks Ever? But Will The Hackers Be Able To Launder The Gains?
- thecyberexpress.com: Bybit ETH Cold Wallet Compromised in Complex Cyberattack, Platform Secures Funds
- PCMag UK security: $1.4 Billion Bybit Crypto Heist Tied to North Korean Hackers
- Cybercrime Magazine: Cybersecurity wake-up call for cryptocurrency exchanges
- infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stoled more than $1.4 billion in Ethereum from the crypto exchange.
- Secure Bulletin: Lazarus group’s Billion-Dollar Bybit heist: a cyber forensics analysis
- SecureWorld News: Bybit Hack: $1.46 Billion Crypto Heist Points to North Korea's Lazarus Group
- The Register - Security: The Register reports FBI officially fingers North Korea for $1.5B Bybit crypto-burglary.
- infosec.exchange: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist.
- SecureWorld News: The U.S. Federal Bureau of Investigation (FBI) officially attributed the massive to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group.
- infosec.exchange: Bybit, a major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- iHLS: Largest-Ever Crypto Heist steals $1.4 Billion
- www.cysecurity.news: CySecurity News report on Bybit's $1.5 billion crypto hack.
- Wallarm: API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
- www.cysecurity.news: CySecurity News article on the Bybit hack and Lazarus Group involvement.
- Zack Whittaker: Grab some coffee — your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- Malware ? Graham Cluley: In episode 406 of the "Smashing Security" podcast, we explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion
|
|
FlagThis - #Cryptocurrency