Thomas Brewster,@Thomas Fox-Brewster
//
Federal agents have linked a $150 million cryptocurrency heist to the 2022 LastPass data breach. U.S. authorities have seized over $23 million in cryptocurrency related to the January 2024 theft from a Ripple crypto wallet, with investigators believing hackers who breached LastPass in 2022 were responsible. These findings align with those published by KrebsOnSecurity in September 2023, which highlighted a series of six-figure cyberheists resulting from cracked master passwords stolen from LastPass.
The U.S. Secret Service and FBI investigations support the conclusion that the same attackers behind the LastPass breach used a stolen password from the victim's online password manager to access their cryptocurrency wallet. The stolen XRP, initially valued at $150 million, is now worth $716 million. The Secret Service continues to trace the funds through various exchanges, noting that the scale and rapid dissipation of funds required multiple malicious actors, consistent with the online password manager breaches and attacks on other victims.
References :
- bsky.app: U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.
- BrianKrebs: New, by me: Feds Link $150M Cyberheist to 2022 LastPass Hacks In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
- krebsonsecurity.com: Feds Link $150M Cyberheist to 2022 LastPass Hacks
- The DefendOps Diaries: The Seizure of $23 Million in Cryptocurrency: A Detailed Analysis of the Ripple Wallet Hack Linked to LastPass Breach
- Thomas Fox-Brewster: Feds Suspect LastPass Hackers Stole $150 Million In Crypto From One Person
- securityaffairs.com: Feds seized $23 million in crypto stolen using keys from LastPass breaches
- www.scworld.com: LastPass hack leveraged to facilitate $150M crypto heist
Thomas Brewster,@Thomas Fox-Brewster
//
Federal investigators have linked the 2022 LastPass data breach to a $150 million cryptocurrency theft from a Ripple XRP wallet in January 2024. Authorities believe the hackers exploited stolen master passwords to gain unauthorized access to the wallet. The stolen XRP, initially valued at $150 million, is now worth an estimated $716 million due to fluctuations in the cryptocurrency market.
U.S. law enforcement has seized over $23 million in cryptocurrency connected to the theft. The U.S. Secret Service and FBI are actively investigating the case and working to recover the remaining stolen funds. Security researchers had previously identified a pattern of similar crypto heists linked to the LastPass breach, suggesting a broader impact of the password manager vulnerability. The incident highlights the significant risks associated with compromised password management systems.
References :
- bsky.app: US authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.
- krebsonsecurity.com: KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022.
- The DefendOps Diaries: The Seizure of $23 Million in Cryptocurrency: A Detailed Analysis of the Ripple Wallet Hack Linked to LastPass Breach
- Thomas Fox-Brewster: The stolen XRP is now worth $716 million. The Secret Service is trying to claw it back from unknown hackers.
- www.bleepingcomputer.com: U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.
- Metacurity: Hack of LastPass in 2022 led to massive theft of XRP, now worth nearly $700 million
- securityaffairs.com: US authorities seized $23M in crypto linked to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach.
- www.scworld.com: LastPass hack leveraged to facilitate $150M crypto heist
Cynthia B@Metacurity
//
The Lazarus Group, a North Korean hacking organization, has reportedly laundered 100% of the $1.4 billion stolen from the Bybit cryptocurrency exchange. This information was initially reported by The Record and other cybersecurity news outlets. The stolen funds, in the form of Ethereum (ETH), were moved to new addresses, which is the first step in laundering cryptocurrency.
This rapid laundering of such a large sum indicates a high level of operational efficiency by the North Korean hackers. Ari Redbord, a former federal prosecutor and senior Treasury official, described this event as showing an “unprecedented level of operational efficiency.” He also suggested that North Korea has expanded its money laundering infrastructure or that underground financial networks, especially in China, have improved their ability to handle illicit funds. This situation underscores the increasing sophistication of North Korea's cybercrime activities and their ability to quickly process stolen cryptocurrency.
References :
- infosec.exchange: NEW: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion.
- Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit
- Resources-2: FBI Confirms North Korean Lazarus Group Behind $1.5 Billion Bybit Crypto Heist
- : North Korea Targeting Crypto Industry, Says FBI
- fortune.com: How North Korea cracked Bybit’s crypto safe to steal $1.5 billion in a record heist
- Kaspersky official blog: How to store cryptocurrency after the Bybit hack | Kaspersky official blog
Ojukwu Emmanuel@Tekedia
//
The Bybit cryptocurrency exchange has reportedly suffered a massive security breach, with hackers allegedly linked to North Korea making off with $1.4 billion in Ethereum. This incident is being called potentially the largest crypto theft in history. Experts from multiple blockchain security companies have confirmed that the stolen Ethereum has already been moved to new addresses, marking the initial phase of money laundering.
Ari Redbord, a former federal prosecutor and senior Treasury official, highlighted the "unprecedented level of operational efficiency" displayed by the hackers in rapidly laundering the stolen funds. He suggested that North Korea might have expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to process illicit funds. The FBI has also named the North Korea-linked group TraderTraitor as responsible for the $1.5 billion Bybit hack.
References :
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine.
- Secure Bulletin: The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has once again demonstrated its sophistication and audacity with a staggering $1.5 billion cryptocurrency heist targeting Bybit, a major crypto exchange.
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- infosec.exchange: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- SecureWorld News: Bybit Hack: FBI Attributes to North Korea, Urges Crypto Sector to Act
- The Register - Security: FBI officially fingers North Korea for $1.5B Bybit crypto-burglary
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- Zack Whittaker: your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- www.cysecurity.news: Bybit Suffers Historic $1.5 Billion Crypto Hack, Lazarus Group Implicated
- infosec.exchange: NEW: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion. Ari Redbord, former federal prosecutor and senior Treasury official, told me this laundering shows “unprecedented level of operational efficiency,” but there's more steps they need to take to cash out. “This rapid laundering suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds,” said Redbord.
- The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
- The Record: A provincial court in Barcelona has ordered that three former senior executives at NSO Group be indicted for their alleged role in a high-profile hacking scandal in which at least 63 Catalan civil society members were targeted with the company’s surveillance technology
- Know Your Adversary: News item discussing the massive Bybit crypto theft, potentially the largest in history.
- Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit
- The Hacker News: Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Ojukwu Emmanuel@Tekedia
//
On February 21, 2025, the cryptocurrency exchange Bybit suffered a massive security breach resulting in the theft of approximately $1.46 billion in crypto assets. Investigations have pointed towards the Lazarus Group, a North Korean state-sponsored hacking collective, as the perpetrators behind the audacious heist. The FBI has officially accused the Lazarus Group of stealing $1.5 billion in Ethereum and has requested assistance in tracking down the stolen funds.
Bybit has declared war on the Lazarus Group following the incident and is offering a $140 million bounty for information leading to the recovery of the stolen cryptocurrency. CEO Ben Zhou has launched Lazarusbounty.com, a bounty site aiming for transparency on the Lazarus Group's money laundering activities. The attack involved exploiting vulnerabilities in a multisig wallet platform, Safe{Wallet}, by compromising a developer’s machine, enabling the transfer of over 400,000 ETH and stETH (worth over $1.5 billion) to an address under the attackers' control.
References :
- The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
- Secure Bulletin: The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has once again demonstrated its sophistication and audacity with a staggering $1.5 billion cryptocurrency heist targeting Bybit, a major crypto exchange.
- SecureWorld News: On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 billion in crypto assets.
- Tekedia: Bybit, a leading crypto exchange, has declared war on “notorious” Lazarus group, a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. This is coming after the crypto exchange experienced a security breach resulting in the unauthorized transfer of over $1.4 billion in liquid-staked crypto assets.
- ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
- : Largest-Ever Crypto Heist steals $1.4 Billion
- techcrunch.com: The FBI said the North Korean government is ‘responsible’ for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
- PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist. The FBI has the $1.4 billion cryptocurrency at Bybit to North Korean state-sponsored hackers after security researchers reached the same conclusion.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- thehackernews.com: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- www.pcmag.com: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- SecureWorld News: FBI Attributes Bybit Hack: FBI Attributes to North Korea, Urges Crypto Sector to Act
- Dan Goodin: InfoSec Exchange Post on the FBI attribution to the Lazarus group and Bybit hack
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Wallarm: Lab Wallarm discusses how Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- securityaffairs.com: FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
- Cybercrime Magazine: Bybit Suffers Largest Crypto Hack In History
- www.cnbc.com: Details on the attack in a news article
- The Register - Security: Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stole more than $1.4 billion in Ethereum from the crypto exchange.
- www.cysecurity.news: Bybit Suffers Historic $1.5 Billion Crypto Hack, Lazarus Group Implicated
- infosec.exchange: Bybit, that major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
- BleepingComputer: Bybit, a major cryptocurrency exchange, has fallen victim to a massive cyberattack, with approximately $1.5 billion in cryptocurrency stolen. The breach is believed to be the largest single theft in crypto history.
- Taggart :donor:: Cryptocurrency exchange Bybit suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack compromised the exchange's cold wallet and involved sophisticated techniques to steal the funds.
- www.cysecurity.news: CySecurity News report on the Bybit hack, its implications, and the potential Lazarus Group connection.
- The420.in: The 420 report on Bybit theft
- infosec.exchange: Details of the Bybit hack and Lazarus Group's involvement.
- Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- Zack Whittaker: Grab some coffee — your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- infosec.exchange: Infosec Exchange post about Bybit crypto heist.
- The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
- infosec.exchange: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion.
- Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit
Oluwapelumi Adejumo@CryptoSlate
//
The FBI has officially attributed the massive $1.4 billion Ethereum theft from the Bybit crypto exchange to the North Korean Lazarus Group. This determination follows accusations from security researchers and firms, solidifying suspicions surrounding the notorious state-sponsored hacking collective. The incident is considered the largest crypto theft in history, underscoring the increasing sophistication of cyber threats targeting digital assets.
The Lazarus Group's attack involved compromising a developer's machine associated with Safe Wallet, a multisig wallet platform. By injecting malicious code into a JavaScript file, the attackers manipulated a planned transfer of funds from Bybit's cold wallet to its hot wallet. This allowed them to redirect over 400,000 ETH and stETH, worth approximately $1.5 billion, to an address under their control. The attack exploited vulnerabilities in Bybit's cold wallet management and multi-signature approval systems, highlighting the need for robust cybersecurity measures within the digital asset space.
References :
- blog.checkpoint.com: Check Point Research Explains What the Bybit Hack Means.
- securityaffairs.com: Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
- www.the420.in: Largest cryptocurrency heist ever: Bybit Loses Rs 12,000+ Crore.
- Talkback Resources: Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
- The420.in: On Friday, cryptocurrency exchange Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets from one of its offline Ethereum wallets—the largest crypto heist on record.
- Check Point Blog: Executive Summary: In one of the largest thefts in digital asset history, hackers gained access to an offline Ethereum wallet and stole $1.5 billion worth of digital assets, primarily consisting of Ethereum tokens.
- BleepingComputer: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- billatnapier.medium.com: One of the Largest Hacks Ever? But Will The Hackers Be Able To Launder The Gains?
- thecyberexpress.com: Bybit ETH Cold Wallet Compromised in Complex Cyberattack, Platform Secures Funds
- PCMag UK security: $1.4 Billion Bybit Crypto Heist Tied to North Korean Hackers
- Cybercrime Magazine: Cybersecurity wake-up call for cryptocurrency exchanges
- infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stole more than $1.4 billion in Ethereum from the crypto exchange.
- Secure Bulletin: Lazarus group’s Billion-Dollar Bybit heist: a cyber forensics analysis
- SecureWorld News: Bybit Hack: $1.46 Billion Crypto Heist Points to North Korea's Lazarus Group
- The Register - Security: The Register reports FBI officially fingers North Korea for $1.5B Bybit crypto-burglary.
- infosec.exchange: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist.
- SecureWorld News: The U.S. Federal Bureau of Investigation (FBI) officially attributed the massive to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group.
- infosec.exchange: Bybit, a major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- : Largest-Ever Crypto Heist steals $1.4 Billion
- www.cysecurity.news: CySecurity News report on Bybit's $1.5 billion crypto hack.
- Wallarm: API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
- www.cysecurity.news: CySecurity News article on the Bybit hack and Lazarus Group involvement.
- Zack Whittaker: Grab some coffee — your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- Malware ? Graham Cluley: In episode 406 of the "Smashing Security" podcast, we explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion