FBI blames North Korean hackers for $1.5 billion Bybit heist

Photo by Morrowind/Shutterstock.com

The FBI has found the culprit behind the Bybit hack, which left the exchange short of almost $1.5 billion worth of Ethereum cryptocurrency. The agency has confirmed that TraderTraitor, popularly known as Lazarus, a North Korean threat actor, was behind the February 21 hack.

Bybit is one of the biggest crypto exchanges, with over 60 million users and more than $36 billion in daily trading volume. The cyberattack cost the exchange over 400,000 ETH and sETH, worth $1.5 billion at the time, all of which were transferred to an unidentified address.

The hackers have already converted some of the stolen assets to Bitcoin and “other virtual assets dispersed across thousands of addresses on multiple blockchains,” states a notice issued by the FBI. The converted assets are expected to be laundered further before eventually being converted to fiat currency. Some of the wallet addresses used by the threat actors have also been listed in the update.

Neither Bybit nor the FBI has provided any technical details on how the attack actually happened. However, Bybit said before that a potential vulnerability in the Safe.global platform user interface may have been exploited during transactions. Cybersecurity firms Sygnia and Verichains have also been hired to investigate the hack, with reports claiming that the attack used malicious code originating from Safe{Wallet}, a decentralised custody protocol.

Safe{Wallet} also issued a statement confirming that its infrastructure was attacked by Lazarus hackers who gained access to a developer’s machine. That said, its smart contracts weren’t affected, nor was any source code from its front end and other services.

Thankfully, unlike several other crypto exchanges that shut down after being attacked, Bybit remained solvent. CEO Ben Zhou added that even if the stolen funds weren’t recovered, the firm could cover the losses and return all client assets 1 to 1.

The exchange also launched a bug bounty program offering five percent of the recovered amount to anyone who manages to freeze funds. Those who helped trace the funds could also be paid the same rate. Regardless, only three percent of the total stolen crypto assets, worth around $42 million, have been frozen so far. Bybit has also paid out over $4 million in bounties, noting that some crypto services are refusing to cooperate in its efforts.

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
