Oluwapelumi Adejumo@CryptoSlate
//
Cryptocurrency exchange Bybit has confirmed a record-breaking theft of approximately $1.46 billion in digital assets from one of its offline Ethereum wallets. The attack, which occurred on Friday, is believed to be the largest crypto heist on record. Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets.
The theft targeted an Ethereum cold wallet, involving a manipulation of a transaction from the cold wallet to a warm wallet. This allowed the attacker to gain control and transfer the funds to an unidentified address. The incident highlights the rising trend of cryptocurrency heists, driven by the allure of profits and challenges in tracing such crimes.
Recommended read:
References :
- www.techmeme.com: ZachXBT: crypto exchange Bybit has experienced $1.46B worth of "suspicious outflows"; Bybit CEO confirms hacker took control of cold ETH wallet
- CryptoSlate: The crypto exchange ByBit has been hacked, and roughly $1.5 billion in Ethereum (ETH) has been stolen — making this one of the biggest hacks in history.
- infosec.exchange: NEW: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- PCMag UK security: The Bybit exchange lost 400,000 in ETH, or about $1.4 billion, before the price began to slide, making it the biggest crypto-related hack in history.
- techcrunch.com: TechCrunch reports on the Bybit hack, disclosing a loss of approximately $1.4 billion in Ethereum.
- ciso2ciso.com: In a major cybersecurity incident, Bybit, the world’s 2nd-largest crypto exchange suffered a $1.4 billion ETH hack from a cold wallet breach.
- ciso2ciso.com: Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange – Source:hackread.com
- cryptoslate.com: ByBit suffers $1.5 billion Ethereum heist in cold wallet breach
- www.coindesk.com: Bybit experiences USD1.46B in suspicious outflows
- BleepingComputer: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- The Cryptonomist: 3 Best Bybit Alternatives As Top CEX Is Hacked
- Gulf Business: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- Anonymous ???????? :af:: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.bleepingcomputer.com: Hacker steals record $1.46 billion in ETH from Bybit cold wallet
- Techmeme: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms (Oliver Knight/CoinDesk)
- Report Boom: Report on the Bybit crypto heist, detailing the incident and security recommendations.
- thehackernews.com: Report on the Bybit hack, highlighting the scale of the theft and its implications.
- reportboom.com: Reportboom article about Bybit's $1.46B Crypto Heist.
- www.it-daily.net: Bybit hacked: record theft of 1.5 billion US dollars
- Protos: News about the Bybit cryptocurrency exchange being hacked for over \$1.4 billion.
- The420.in: On Friday, cryptocurrency exchange Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets from one of its offline Ethereum wallets—the largest crypto heist on record.
- TechSpot: The hackers stole the crypto from Bybit's cold wallet, an offline storage system.
- Talkback Resources: Crypto exchange Bybit was targeted in a $1.46 billion theft by the Lazarus Group, highlighting the rising trend of cryptocurrency heists driven by the allure of profits and challenges in tracing such crimes.
- www.bleepingcomputer.com: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.the420.in: The420.in: Biggest Crypto Heist Ever: Bybit Loses Rs 12,000+ Crore in Sophisticated Ethereum Wallet Attack!
- www.cnbc.com: This report discusses the Bybit hack, detailing the amount stolen and the potential impact on the crypto market.
- www.engadget.com: This news piece reports on the massive crypto heist from Bybit, highlighting the scale of the incident and the impact on the crypto market.
- Techmeme: Arkham says ZachXBT submitted proof that North Korea's Lazarus Group is behind Bybit's $1.5B hack, which is the largest single theft in crypto history
- BrianKrebs: Infosec exchange post describing Bybit breach.
- Talkback Resources: Bybit cryptocurrency exchange suffered a cyberattack resulting in the theft of $1.5 billion worth of digital currency, including over 400,000 ETH and stETH, with potential vulnerabilities in the Safe.global platform's user interface exploited.
- securityaffairs.com: SecurityAffairs reports Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever.
- gulfbusiness.com: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- techcrunch.com: Crypto exchange Bybit says it was hacked and lost around $1.4B
- Tekedia: The cryptocurrency industry has been rocked by what is now considered the largest digital asset theft in history, as Bybit, a leading crypto exchange, confirmed on Friday that hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of its offline wallets.
- blog.checkpoint.com: What the Bybit Hack Means for Crypto Security and the Future of Multisig Protection
- Dan Goodin: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- BleepingComputer: Crypto exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- Security Boulevard: North Korea’s Lazarus Group Hacks Bybit, Steals $1.5 Billion in Crypto
- bsky.app: Elliptic is following the money on this ByBit hack - the biggest theft ot all time. “Within 2 hours of the theft, the stolen funds were sent to 50 different wallets, each holding approximately 10,000 ETH. These are now being systematically emptied�.
- Talkback Resources: Talkback Post about the $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived
- infosec.exchange: Reports that North Korean hackers stole $1.4 billion in crypto from Bybit.
- securityboulevard.com: North Korea's notorious Lazarus Group reportedly stole $1.5 billion in cryptocurrency from the Bybit exchange in what is being called the largest hack in the controversial market's history.
- billatnapier.medium.com: One of the Largest Hacks Ever? But Will The Hackers Be Able To Launder The Gains?
- thecyberexpress.com: thecyberexpress.com - Details on Bybit Cyberattack.
- Matthew Rosenquist: This may turn out to be the biggest hack in history! $1.5 BILLION.
- PCMag UK security: The $1.4 billion at Bybit—the largest known cryptocurrency heist in history—has been traced to the notorious Lazarus North Korean hacking group.
- www.nbcnews.com: Hackers steal $1.5 billion from exchange Bybit in biggest-ever crypto heist: Blockchain analysis firm Elliptic later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective
- www.pcmag.com: Researchers spot the $1.4 billion stolen from Bybit moving through cryptocurrency wallets that were used in earlier heists attributed to North Korea's Lazarus hacking group.
- siliconangle.com: $1.5B in cryptocurrency stolen from Bybit in attack linked to North Korean hackers
- www.americanbanker.com: Nearly $1.5 billion in tokens lost in Bybit crypto exchange hack
- SiliconANGLE: SiliconAngle reports on the details of the Bybit hack and links it to North Korean hackers.
- techcrunch.com: TechCrunch reports on the massive crypto heist, citing research that points to North Korean hackers as perpetrators.
- OODAloop: Reports that North Korea’s Lazarus Group APT is Behind Largest Crypto Heist Ever
- Be3: Looming Shadows: $1.5 Billion Crypto Heist Shakes Confidence in Security Measures
- Schneier on Security: Schneier on Security covers the North Korean Hackers Stealing $1.5B in Cryptocurrency.
- Dataconomy: How the Bybit hack shook the crypto world: $1.5B gone overnight
- be3.sk: Looming Shadows: $1.5 Billion Crypto Heist Shakes Confidence in Security Measures
- Risky Business: Risky Business #781 -- How Bybit oopsied $1.4bn
- cyberriskleaders.com: Bybit, a leading exchange, was hacked for USD1.4 billion in Ethereum and staked Ethereum, sending shockwaves through the digital asset community.
- www.csoonline.com: Independent investigation finds connections to the Lazarus Group.
- Cybercrime Magazine: Bybit suffers the largest crypto hack in history
- www.theguardian.com: Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit.
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- SecureWorld News: SecureWorld reports on the Bybit hack, attributing it to the Lazarus Group.
- OODAloop: The Largest Theft in History – Following the Money Trail from the Bybit Hack
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- Secure Bulletin: Lazarus group’s Billion-Dollar Bybit heist: a cyber forensics analysis
- Talkback Resources: "
THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma [mal]
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum.
- CyberInsider: Record $1.5 billion Bybit hack undermines trust in crypto security
- The Register - Security: Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.
- PCMag UK security: The malicious Javascript code used in the attack could secretly modify transactions for Safe{Wallet}, a cryptocurrency wallet provider. The suspected North Korean hackers who $1.4 billion in cryptocurrency from Bybit pulled off the heist by infiltrating a digital wallet provider and tampering with its software.
- techcrunch.com: Last week, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, believed to be the largest crypto heist in history. Now the company is offering a total of $140 million in bounties for anyone who can help trace and freeze the stolen funds. Bybit’s CEO and
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
- techcrunch.com: The FBI has said the North Korean government is “responsible� for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- The420.in: Rs 1.27 trillion Stolen: Bybit Joins the Ranks of Crypto’s Largest Thefts – Full List Inside
- Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers [mal]
- Tekedia: Bybit Declares War on “Notorious� Lazarus Group After $1.4B Hack, Offers $140m Reward
- SecureWorld News: The FBI officially attributed the massive to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group.
- ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
- Wallarm: API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
Ojukwu Emmanuel@Tekedia
//
On February 21, 2025, the cryptocurrency exchange Bybit suffered a massive security breach resulting in the theft of approximately $1.46 billion in crypto assets. Investigations have pointed towards the Lazarus Group, a North Korean state-sponsored hacking collective, as the perpetrators behind the audacious heist. The FBI has officially accused the Lazarus Group of stealing $1.5 billion in Ethereum and has requested assistance in tracking down the stolen funds.
Bybit has declared war on the Lazarus Group following the incident and is offering a $140 million bounty for information leading to the recovery of the stolen cryptocurrency. CEO Ben Zhou has launched Lazarusbounty.com, a bounty site aiming for transparency on the Lazarus Group's money laundering activities. The attack involved exploiting vulnerabilities in a multisig wallet platform, Safe{Wallet}, by compromising a developer’s machine, enabling the transfer of over 400,000 ETH and stETH (worth over $1.5 billion) to an address under their control.
Recommended read:
References :
- The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
- Secure Bulletin: The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has once again demonstrated its sophistication and audacity with a staggering $1.5 billion cryptocurrency heist targeting Bybit, a major crypto exchange.
- SecureWorld News: On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 billion in crypto assets.
- Tekedia: Bybit, a leading crypto exchange, has declared war on “notorious� Lazarus group, a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. This is coming after the crypto exchange experienced a security breach resulting in the unauthorized transfer of over $1.4 billion in liquid-staked crypto assets.
- ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
- iHLS: Largest-Ever Crypto Heist steals $1.4 Billion
- techcrunch.com: The FBI said the North Korean government is ‘responsible’ for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
- PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist. The FBI has the $1.4 billion cryptocurrency at Bybit to North Korean state-sponsored hackers after security researchers reached the same conclusion.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- thehackernews.com: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- www.pcmag.com: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- SecureWorld News: FBI Attributes Bybit Hack: FBI Attributes to North Korea, Urges Crypto Sector to Act
- Dan Goodin: InfoSec Exchange Post on the FBI attribution to the Lazarus group and Bybit hack
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Wallarm: Lab Wallarm discusses how Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- Cybercrime Magazine: Bybit Suffers Largest Crypto Hack In History
- www.cnbc.com: Details on the attack in a news article
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- The Register - Security: Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stoled more than $1.4 billion in Ethereum from the crypto exchange.
- www.cysecurity.news: Bybit Suffers Historic $1.5 Billion Crypto Hack, Lazarus Group Implicated
- infosec.exchange: Bybit, that major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
- BleepingComputer: Bybit, a major cryptocurrency exchange, has fallen victim to a massive cyberattack, with approximately $1.5 billion in cryptocurrency stolen. The breach is believed to be the largest single theft in crypto history.
- Taggart :donor:: Cryptocurrency exchange Bybit suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack compromised the exchange's cold wallet and involved sophisticated techniques to steal the funds.
- www.cysecurity.news: CySecurity News report on the Bybit hack, its implications, and the potential Lazarus Group connection.
- The420.in: The 420 report on Bybit theft
- infosec.exchange: Details of the Bybit hack and Lazarus Group's involvement.
- Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- Zack Whittaker: your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- infosec.exchange: NEW: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion. Ari Redbord, former federal prosecutor and senior Treasury official, told me this laundering shows “unprecedented level of operational efficiency,� but there's more steps they need to take to cash out. “This rapid laundering suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds,� said Redbord.
- The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
- The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
- Know Your Adversary: News item discussing the massive Bybit crypto theft, potentially the largest in history.
- Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit
- infosec.exchange: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion.
- Resources-2: FBI Confirms North Korean Lazarus Group Behind $1.5 Billion Bybit Crypto Heist
- : North Korea Targeting Crypto Industry, Says FBI
- The Hacker News: Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Oluwapelumi Adejumo@CryptoSlate
//
The FBI has officially attributed the massive $1.4 billion Ethereum theft from the Bybit crypto exchange to the North Korean Lazarus Group. This determination follows accusations from security researchers and firms, solidifying suspicions surrounding the notorious state-sponsored hacking collective. The incident is considered the largest crypto theft in history, underscoring the increasing sophistication of cyber threats targeting digital assets.
The Lazarus Group's attack involved compromising a developer's machine associated with Safe Wallet, a multisig wallet platform. By injecting malicious code into a JavaScript file, the attackers manipulated a planned transfer of funds from Bybit's cold wallet to its hot wallet. This allowed them to redirect over 400,000 ETH and stETH, worth approximately $1.5 billion, to an address under their control. The attack exploited vulnerabilities in Bybit's cold wallet management and multi-signature approval systems, highlighting the need for robust cybersecurity measures within the digital asset space.
Recommended read:
References :
- blog.checkpoint.com: Check Point Research Explains What the Bybit Hack Means.
- securityaffairs.com: Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
- www.the420.in: Largest cryptocurrency heist ever: Bybit Loses Rs 12,000+ Crore.
- Talkback Resources: Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
- The420.in: On Friday, cryptocurrency exchange Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets from one of its offline Ethereum wallets—the largest crypto heist on record.
- Check Point Blog: Executive Summary: In one of the largest thefts in digital asset history, hackers gained access to an offline Ethereum wallet and stole $1.5 billion worth of digital assets, primarily consisting of Ethereum tokens.
- BleepingComputer: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- billatnapier.medium.com: One of the Largest Hacks Ever? But Will The Hackers Be Able To Launder The Gains?
- thecyberexpress.com: Bybit ETH Cold Wallet Compromised in Complex Cyberattack, Platform Secures Funds
- PCMag UK security: $1.4 Billion Bybit Crypto Heist Tied to North Korean Hackers
- Cybercrime Magazine: Cybersecurity wake-up call for cryptocurrency exchanges
- infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stoled more than $1.4 billion in Ethereum from the crypto exchange.
- Secure Bulletin: Lazarus group’s Billion-Dollar Bybit heist: a cyber forensics analysis
- SecureWorld News: Bybit Hack: $1.46 Billion Crypto Heist Points to North Korea's Lazarus Group
- The Register - Security: The Register reports FBI officially fingers North Korea for $1.5B Bybit crypto-burglary.
- infosec.exchange: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist.
- SecureWorld News: The U.S. Federal Bureau of Investigation (FBI) officially attributed the massive to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group.
- infosec.exchange: Bybit, a major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- iHLS: Largest-Ever Crypto Heist steals $1.4 Billion
- www.cysecurity.news: CySecurity News report on Bybit's $1.5 billion crypto hack.
- Wallarm: API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
- www.cysecurity.news: CySecurity News article on the Bybit hack and Lazarus Group involvement.
- Zack Whittaker: Grab some coffee — your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- Malware ? Graham Cluley: In episode 406 of the "Smashing Security" podcast, we explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion
info@thehackernews.com (The Hacker News)@The Hacker News
//
SecurityScorecard has uncovered a stealthy malware campaign orchestrated by North Korea's Lazarus Group, dubbed "Marstech Mayhem." The campaign involves the deployment of an advanced malware implant named "marstech1," designed to target cryptocurrency wallets and infiltrate the software supply chain. The implant first emerged in late December 2024, spreading through open-source software via GitHub and NPM packages, putting unsuspecting developers and their projects at risk. The group has been injecting JavaScript implants into repositories, blending malicious code with legitimate code to avoid detection.
The marstech1 implant targets Exodus and Atomic cryptocurrency wallets on Linux, macOS, and Windows. Once installed, the malware scans systems for crypto wallets, attempting to steal sensitive information. SecurityScorecard confirmed at least 233 victims across the U.S., Europe, and Asia. According to SecurityScorecard’s analysis, the threat actors have established a command and control server hosted on Stark Industries LLC infrastructure. Ryan Sherstobitoff, SecurityScorecard’s SVP of threat research and intelligence, noted that the malware uses layered obfuscation techniques, highlighting the group's sophisticated approach to evading static and dynamic analysis.
Recommended read:
References :
- readwrite.com: Details of marstech1 implant used by Lazarus group in supply chain attacks.
- The Hacker News: Article describing Lazarus Group's attack campaign targeting developers using marstech1 implant.
- www.developer-tech.com: Report on Lazarus Group's use of marstech1 malware.
- ReadWrite: North Korea’s Lazarus Group spreads crypto-stealing malware through open-source software
- Developer Tech News: Lazarus Group infiltrates supply chain with stealthy malware
Help Net Security@Help Net Security
//
Researchers have uncovered that the Lazarus Group, a North Korean state-sponsored hacking group, is using a web-based administrative panel built with React and Node.js to manage their global cyber operations. This platform gives them a centralized control point for overseeing compromised systems, organizing stolen data, and delivering malicious payloads. The administrative layer, dubbed "Phantom Circuit," is consistent across the group's command-and-control servers, allowing them to orchestrate campaigns with precise control, even while varying their payloads and obfuscation techniques.
This hidden framework is part of a supply chain attack named "Operation Phantom Circuit," where the Lazarus Group targets cryptocurrency entities and software developers by embedding backdoors into legitimate software packages. They trick developers into downloading and running compromised open-source GitHub repositories, which then connect to the group's C2 infrastructure. This approach allows the Lazarus Group to infiltrate companies around the world and exfiltrate sensitive data back to Pyongyang. The operation has claimed over 233 victims, primarily within the cryptocurrency industry, between September 2024 and January 2025, and it is linked to North Korea through the use of Astrill VPNs and six distinct North Korean IP addresses.
Recommended read:
References :
- ciso2ciso.com: The ongoing investigation into recent attacks by the Lazarus Group on cryptocurrency entities and software developers.
- The Hacker News: The Lazarus Group uses React application for C2 control.
- Pyrzout :vm:: North Koreans clone open source projects to plant backdoors, steal credentials – Source: go.theregister.com
- gbhackers.com: Reporting on the Lazarus Group's targeting of developers through malicious NPM packages
@www.bloomberg.com
//
Hyperliquid, a decentralized derivatives exchange, is facing scrutiny after experiencing significant outflows of over $112 million in USDC. Concerns have been raised regarding a potential security breach and the possible involvement of the North Korean hacking group Lazarus. Security experts have highlighted vulnerabilities within Hyperliquid's framework and warned of the group's potential targeting of the platform. This situation led to a sharp decline of over 20% in the price of Hyperliquid's native token. Hyperliquid has denied any compromise, but suspicious transaction activity is under investigation.
Cybersecurity specialists have expressed concerns over Hyperliquid's security framework, citing the platform's concentrated validator model as a potential risk, where only four validators run the same code. The ongoing scrutiny of Hyperliquid comes amidst substantial on-chain evidence indicating large funds withdrawals from its platform, allegedly linked to Lazarus Group wallets. Despite Hyperliquid's denial of a hack, the community remains apprehensive about potential security exploitations and the possibility of the Lazarus Group orchestrating further malicious activities given their history of targeting crypto platforms.
Recommended read:
References :
- Techmeme: Muyao Shen / : — - Hyperliquid is the largest DeFi derivatives exchange by volume — Security expert says Hyperliquid faces threat from North Korea
- Coinpedia Fintech News: Hyperliquid Faces $60 Million USDC Outflow Amid North Korean Hacking Rumors, Denies Any Exploit
- COINOTAG NEWS: Concerns Rise Over Hyperliquid’s Security Amid Lazarus Group Activity and Expert Warnings
- www.bloomberg.com: Muyao Shen / : — - Hyperliquid is the largest DeFi derivatives exchange by volume — Security expert says Hyperliquid faces threat from North Korea
CISO2CISO Editor 2@ciso2ciso.com
//
The Lazarus Group, a hacking collective with ties to North Korea, is intensifying its cyber operations against the nuclear industry, employing sophisticated new malware and tactics. Recent attacks have targeted employees within 'nuclear-related' organizations using trojanized virtual network computing (VNC) utilities disguised as job assessment tests. These disguised archives delivered malware via ISO and ZIP files, and they used a modified AmazonVNC.exe, combined with legitimate UltraVNC components to execute attacks. This method allows the group to establish a layered infection chain that helps them to evade detection.
These cyber intrusions use complex infection chains and modular malware that use a variety of components, such as downloaders, loaders and backdoors. The malware includes 'CookieTime' which can download payloads and 'CookiePlus', disguised as a Notepad++ plugin, which uses advanced decryption techniques to fetch plugins. The group's motivation behind the attacks is believed to be both financial gain and espionage. The ongoing attacks highlight the evolving threat landscape posed by state-sponsored actors targeting sensitive industries and organizations.
Recommended read:
References :
- cyberinsider.com: North Korean Hackers ‘Lazarus’ Target Nuclear Orgs with New Malware
- osint10x.com: North Korean hackers spotted using new tools on employees of 'nuclear-related' org
- CyberInsider: The notorious Lazarus Group has evolved its infection tactics, employing both updated and novel malware like ‘CookiePlus' to infiltrate targets in defense, aerospace, cryptocurrency, and nuclear industries.
- Osint10x: North Korean hackers spotted using new tools on employees of 'nuclear-related' org
- ciso2ciso.com: Lazarus APT targeted employees at an unnamed nuclear-related organization
- securityaffairs.com: Lazarus APT targeted employees at an unnamed nuclear-related organization
- www.cybersecurity-insiders.com: Lazarus launches malware on Nuclear power org and Kaspersky Telegram Phishing scams
- ciso2ciso.com: Lazarus APT targeted employees at an unnamed nuclear-related organization
- www.cybersecurity-insiders.com: Lazarus launches malware on Nuclear power org and Kaspersky Telegram Phishing scams
- ciso2ciso.com: Lazarus Group Targets Nuclear Industry with CookiePlus Malware – Source:hackread.com
- Pyrzout :vm:: Lazarus Group Targets Nuclear Industry with CookiePlus Malware – Source:hackread.com
|
|
FlagThis - #LazarusGroup