
Billion Dollar Ethereum Loss Enabled by Credential Compromise

Investigation found no indications of any compromise within Bybit’s infrastructure.


A forensic review into the theft of $1.4 billion in cryptocurrency from Bybit’s Ethereum crypto exchange found that it was enabled by the compromise of a developer’s credentials.

According to a statement from Bybit, its preliminary findings reaffirm the integrity of Bybit's infrastructure, but the compromise “allowed the attacker to gain unauthorised access to the Safe{Wallet} infrastructure and totally deceive signers into approving a malicious transaction.”

It confirmed that third-party forensic experts conducted an independent review, and both found no indications of any compromise within Bybit’s infrastructure.

Ben Zhou, co-founder and CEO of Bybit: “Bybit remains steadfast in our commitment to security and transparency. The preliminary forensic review finds that our system was not compromised. While this incident underscores the evolving threats in the crypto space, we are taking proactive steps to reinforce security and ensure the highest level of protection for our users.”

Attribution

The FBI has also named the North Korean threat actor Lazarus Group, also known as TraderTraitor, as having undertaken the attack.

In a statement, the FBI said the actors “are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains.”

The FBI said it expects these assets to be further laundered and eventually converted to fiat currency.

Bybit has also offered a reward of 10 percent of any recovered funds as a bug bounty, according to media reports.


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
