Bybit’s $1.4b breach started with stock invest malware, investigation reveals

Dorian Batycka

North Korean hackers stole $1.4 billion from Bybit after breaching Safe’s Mac laptop through a fake stock investment project that helped them bypass AWS security, Mandiant reveals.

Bybit’s $1.4 billion cyberattack, now the largest crypto theft in history, is believed to have started with malware from a fake stock investment project that compromised Safe’s Mac laptop and bypassed Amazon Web Services security, according to Mandiant’s investigation.

In a March 6 article on X, Safe revealed that the North Korean hacking group known as TraderTraitor compromised a Safe{Wallet} developer’s laptop, “Developer1,” and used stolen AWS session tokens to bypass multi-factor authentication.

According to Mandiant’s investigation, the breach occurred on Feb. 4, when a Docker project — posing as a “stock investment simulator” — was downloaded onto Developer1’s Mac. The project communicated with a suspicious domain (getstockprice[.]com), leading to the malware’s installation.

It’s unclear what prompted Developer1 to download the malware onto the workstation, but the investigation notes that similar social engineering tactics have already been used in previous attacks by the hacking group.

Mandiant’s report also found that the attackers bypassed AWS MFA by hijacking active user session tokens, likely through malware on Developer1’s workstation. These hijacked tokens allowed the hackers to access AWS services without needing to pass MFA checks. The attack was conducted from IP addresses linked to a VPN service and security tools designed for offensive hacking, per the report.
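A defender-side check for the session token reuse described above, as an added example that is not taken from Mandiant's or Safe's reports: it scans CloudTrail-shaped records for a temporary credential (access key ID starting with `ASIA`) that shows up from more than one source IP. The records, key IDs, role ARN and the `ev` helper are constructed for illustration.

```python
from collections import defaultdict

def ev(key, ip, time, name, mfa="true"):
    """Build a constructed record using CloudTrail field names."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key,
                             "arn": "arn:aws:sts::111122223333:assumed-role/dev/example",
                             "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}}

# Constructed sample data (not from the incident); IPs are RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    ev("ASIAEXAMPLEDEV1", "192.0.2.10", "2025-01-01T09:00:00Z", "GetCallerIdentity"),
    ev("ASIAEXAMPLEDEV1", "192.0.2.10", "2025-01-01T09:05:00Z", "ListBuckets"),
    ev("ASIAEXAMPLEDEV1", "cloudformation.amazonaws.com", "2025-01-01T09:06:00Z", "DescribeStacks"),
    ev("ASIAEXAMPLEDEV1", "203.0.113.77", "2025-01-01T11:30:00Z", "ListBuckets"),
    ev("ASIAEXAMPLEDEV1", "203.0.113.77", "2025-01-01T11:32:00Z", "GetObject"),
    ev("ASIAEXAMPLEDEV2", "198.51.100.5", "2025-01-01T10:00:00Z", "ListBuckets"),
    ev("ASIAEXAMPLEDEV2", "198.51.100.5", "2025-01-01T10:01:00Z", "GetObject"),
    ev("AKIAEXAMPLELONG", "198.51.100.5", "2025-01-01T10:00:00Z", "ListBuckets", "false"),
    ev("AKIAEXAMPLELONG", "192.0.2.99", "2025-01-01T12:00:00Z", "ListBuckets", "false"),
]

def find_reused_sessions(records):
    """Map each temporary access key seen from more than one source IP to a finding."""
    by_key = defaultdict(list)
    for r in records:
        key = r["userIdentity"].get("accessKeyId", "")
        ip = r["sourceIPAddress"]
        # Temporary (STS) keys start with ASIA; calls made by AWS services on the
        # user's behalf carry a service DNS name instead of an IP and are skipped.
        if key.startswith("ASIA") and not ip.endswith(".amazonaws.com"):
            by_key[key].append(r)
    findings = {}
    for key, evs in by_key.items():
        evs.sort(key=lambda e: e["eventTime"])  # ISO 8601 UTC sorts lexically
        origin = evs[0]["sourceIPAddress"]
        moved = [e for e in evs if e["sourceIPAddress"] != origin]
        if moved:
            mfa = [e["userIdentity"]["sessionContext"]["attributes"]["mfaAuthenticated"] for e in moved]
            findings[key] = {
                "origin_ip": origin,
                "new_ips": sorted({e["sourceIPAddress"] for e in moved}),
                "first_seen_elsewhere": moved[0]["eventTime"],
                "calls_from_new_ips": [e["eventName"] for e in moved],
                # The MFA mark travels with the token, so no new MFA prompt occurs.
                "mfa_flag_still_true": all(m == "true" for m in mfa),
            }
    return findings

if __name__ == "__main__":
    print(find_reused_sessions(SAMPLE_EVENTS))
```

A hit is a lead rather than proof: users who roam between networks or switch VPN exits trigger it too, so correlate with user agent and the sensitivity of the calls made from the new address.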

“Certain gaps in fully recovering certain aspects of the attack remain because the attacker removed their malware and cleared Bash history in an effort to thwart investigative efforts.”

Safe

As a precautionary measure, Safe{Wallet} has reset its infrastructure, restricting external access. It also claims to have enhanced the detection of malicious transactions with Blockaid, a blockchain security firm. According to Safe, its smart contracts were not affected by the breach.

Cryptocurrency exchange Bybit revealed in early March that nearly 20% of the stolen funds are now untraceable, less than two weeks after the exchange lost $1.46 billion in a highly sophisticated attack. In an X post, Bybit CEO Ben Zhou revealed that around 77% of the stolen funds remain traceable, but nearly 20% has “gone dark” through mixing services.