Bybit's $1.4b breach started with stock-investment malware, investigation reveals

"Blind signing is an issue, but not the prime suspect," expert says on Bybit $1.4b saga


North Korean hackers stole $1.4 billion from Bybit after compromising a Safe developer's Mac laptop via a fake stock-investment project that helped them get around AWS security, Mandiant reveals.

The $1.4 billion cyberattack, now the largest crypto theft in history, is said to have started with malware from a fake investment project that compromised a Safe developer's Mac laptop and bypassed Amazon Web Services security, according to Mandiant's investigation.

In a March 6 post on X, Safe revealed that the North Korean hacking group known as TraderTraitor compromised the laptop of a Safe developer, "Developer1," and used stolen AWS session tokens to bypass multi-factor authentication.

According to Mandiant's investigation, the breach took place on February 4, when a Docker project posing as a "stock investment simulator" was downloaded onto Developer1's Mac. The project communicated with a suspicious domain (GetstockPrice[.]com), leading to the installation of malware.

It is not known what prompted Developer1 to download the malware onto the workstation, but the investigation notes that similar social engineering tactics have been used in previous attacks attributed to the hacking group.

Mandiant's report also found that the attackers bypassed AWS MFA by hijacking active user session tokens, probably via the malware on Developer1's workstation. These hijacked tokens allowed the hackers to access AWS services without passing MFA checks. The attack was carried out from IP addresses linked to a VPN service and security tools designed for offensive hacking, according to the report.
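As an added illustration (not code from Mandiant's or Safe's report), here is a defender-side check for the session-token hijacking described above: it reads constructed CloudTrail-style records and flags any temporary STS credential that appears from more than one source IP. Field names follow the CloudTrail record format; the sample events, key IDs and IP addresses are made up.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style records (sample data, not taken from the report):
# one temporary STS key that was MFA-authenticated from a developer IP and is later
# replayed from a second IP, plus an unrelated long-term key that is ignored.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"eventTime": "2025-02-05T10:00:00Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE0000001",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventTime": "2025-02-05T10:05:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE0000001",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventTime": "2025-02-05T11:40:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE0000001",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventTime": "2025-02-05T12:00:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000002"}},
])

def parse_events(text):
    """Parse newline-delimited JSON CloudTrail records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def session_ip_anomalies(events):
    """Flag temporary (STS, 'ASIA...') credentials seen from more than one source IP.
    MFA is checked when the session is created, not on every request, so a stolen
    session token replayed from another host passes without a new MFA prompt; a
    second IP on an MFA-authenticated session is the signal worth alerting on."""
    ips_by_key = defaultdict(dict)          # accessKeyId -> {sourceIP: first eventTime}
    mfa_by_key = {}
    for ev in events:
        ident = ev.get("userIdentity", {})
        key = ident.get("accessKeyId", "")
        if not key.startswith("ASIA"):      # long-term keys need a different rule
            continue
        ips_by_key[key].setdefault(ev["sourceIPAddress"], ev["eventTime"])
        attrs = ident.get("sessionContext", {}).get("attributes", {})
        mfa_by_key[key] = attrs.get("mfaAuthenticated") == "true"
    return [
        {"accessKeyId": key,
         "mfaAuthenticated": mfa_by_key[key],
         "sourceIPs": sorted(ips, key=ips.get)}   # in order of first appearance
        for key, ips in ips_by_key.items() if len(ips) > 1
    ]

if __name__ == "__main__":
    for finding in session_ip_anomalies(parse_events(SAMPLE_LOG)):
        print(finding)
```

In production the second IP would be enriched with ASN or VPN-provider data, which is exactly the kind of signal the report describes.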

"Some gaps in the full recovery of certain aspects of the attack remain because the attacker removed their malware and cleared the history in order to thwart investigations."


As a precautionary measure, Safe{Wallet} has reset its infrastructure and restricted external access. It also says it has strengthened malicious-transaction detection with Blockaid, a blockchain security company. According to Safe, its smart contracts were not affected by the breach.

In early March, the cryptocurrency exchange revealed that almost 20% of the stolen funds are now untraceable, just under two weeks after the exchange lost $1.46 billion in a highly sophisticated attack. In a post on X, Bybit CEO Ben Zhou said that around 77% of the stolen funds remain traceable, but that almost 20% have "gone dark" through mixing services.
