The developer of SafeWallet has released a report on the February attack against Bybit, which resulted in $1.4 billion being stolen.
Details of the Attack
A forensic analysis conducted by SafeWallet and cybersecurity firm Mandiant found that hackers hijacked AWS session tokens to bypass two-factor authentication. The attackers compromised a developer’s macOS system, which allowed them to use AWS session tokens, and then initiated the cyberattack within the AWS environment.
Mandiant's Analysis
Mandiant’s analysis confirmed that North Korean state actors carried out the attack, which took 19 days to execute. The exploit did not affect Safe’s smart contracts, and Safe’s development team implemented additional security measures after the incident.
FBI's Response
The FBI issued an online alert urging that transactions from wallets linked to the North Korean hackers be blocked. While the stolen funds were laundered within 10 days, about 77% of them are still traceable on the blockchain.
This incident highlights the importance of cybersecurity and the need for constant updates to defense mechanisms.