- North Korean Hackers executed a $1.4 billion cryptocurrency heist by infiltrating Safe‘s infrastructure rather than targeting Bybit directly.
- The attackers planted malicious JavaScript code in Safe‘s AWS-hosted infrastructure, specifically targeting Bybit‘s contract address.
- Two independent Cybersecurity firms, Verichains and Sygnia Labs, confirmed the attack vector through detailed forensic analysis.
- The hackers removed the malicious code within two minutes of completing the theft, demonstrating sophisticated operational security.
- The incident raises serious concerns about security vulnerabilities in widely-used cryptocurrency infrastructure providers.
North Korean hackers have orchestrated the largest cryptocurrency theft in history, stealing $1.4 billion from Bybit by compromising the infrastructure of wallet provider Safe, according to independent security audits released this week.
Forensic investigations by cybersecurity firms Verichains and Sygnia Labs revealed that the attackers injected malicious code into Safe‘s Amazon Web Services infrastructure. The code was specifically engineered to activate only when interacting with Bybit‘s contract address, demonstrating an unprecedented level of tactical sophistication.
The hack’s execution showcases the evolution of state-sponsored cryptocurrency theft. Within two minutes of draining the funds, the attackers cleaned their tracks by removing the malicious code from Safe‘s systems, leaving minimal forensic evidence.
Safe has acknowledged that the breach originated from a compromised developer machine, though maintaining that their smart contracts and source code remained secure. The company has since rebuilt its infrastructure and updated security credentials.
Bybit emphasized that their own systems remained uncompromised, stating: “Bybit is and remains 100% secure.” The exchange has transferred remaining assets away from Safe-administered wallets as a precautionary measure.
Taylor Monahan, MetaMask‘s security expert, cautioned against hasty conclusions, noting: “I think it’s been presumptuous for us to assume it was Bybit the first five days… I think it’s presumptuous to flip 180 degrees and say it’s Safe’s fault on day six.”
This incident represents a significant escalation in North Korean cryptocurrency operations, which have previously focused on smaller-scale attacks. The sophisticated nature of the hack has sent shockwaves through the cryptocurrency industry, prompting calls for enhanced security measures across infrastructure providers.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Bank of America Ready to Launch Stablecoin Pending US Regulatory Approval
- MEXC Exchange Invests $36 Million in Synthetic Dollar Protocol Ethena
- ECB Director’s Paper Highlights Benefits of Public Crypto Networks for Financial Markets
- RICS Updates Financial Standard to Address Cryptocurrency and AI Developments
- LockBit Ransomware Gang Claims to Have Damaging FBI Intelligence in Letter to New Director
