Outside Source
Bybit and the (Safe)Wallet developer confirmed that North Korea’s Lazarus Group was behind the attack.
News
A series of third-party forensic investigations into the recent Bybit exploit revealed that compromised Safe(Wallet) credentials led to more than $1.4 billion worth of Ether (ETH) being stolen by North Korea’s Lazarus Group.
On Feb. 26, Bybit confirmed that forensic reviews conducted by Sygnia and Verichains revealed that “the credentials of a Safe developer were compromised […] which allowed the attacker to gain unauthorized access to the Safe(Wallet) infrastructure and totally deceive signers into approving a malicious transaction.”
According to Sygnia’s report, the attack originated from a “malicious JavaScript code” injected into Safe(Wallet)’s AWS infrastructure.
The findings were also confirmed by the Safe(Wallet) developer, which said it had “added security measures to eliminate the attack vector.”
“The Safe(Wallet) team has fully rebuilt, reconfigured all infrastructure, and rotated all credentials, ensuring the attack vector is fully eliminated,” the announcement said.
The Safe(Wallet) team issues a full statement on social media. Source: X
The forensic experts and Safe confirmed that Bybit’s infrastructure was not compromised in the hack.
Related: ‘Biggest crypto hack in history’: Bybit exploit is latest security blow to industry
This is a developing story, and further information will be added as it becomes available.
This article first appeared at Cointelegraph.com News
