Chainalysis said collaborative security efforts across the crypto community have led to freezing $40 million of stolen funds from the Bybit hack.
Blockchain analysis firm Chainalysis detailed how hackers stole $1.46 billion from cryptocurrency exchange Bybit and shed light on the laundering tactics used by North Korea’s Lazarus Group.
On Feb. 21, Bybit suffered a major exploit, losing $1.46 billion in Ether (ETH) and other tokens. Security platform Blockaid dubbed the incident the largest exchange hack in history, and blockchain investigator ZachXBT identified the hackers as the North Korea-linked Lazarus Group.
On Feb. 24, Chainalysis published a report explaining how the attack unfolded. It explored techniques and procedures used in the hack, citing a “common playbook” used by North Korea-affiliated hackers. The firm noted that the group relied on social engineering tactics and complex laundering techniques to move the stolen assets.
Chainalysis Reactor graph showcasing the complexity of Bybit exploiter’s laundering methods. Source: Chainalysis
Chainalysis shares step-by-step details of the Bybit hack
Chainalysis said the attack began with a phishing campaign targeting Bybit’s cold wallet signers. The attackers then gained access to Bybit’s user interface, which allowed them to replace a multisignature wallet implementation contract with a malicious version. This enabled them to start processing unauthorized fund transfers.
Chainalysis said the hackers intercepted a routine transfer from Bybit’s Ethereum cold wallet to a hot wallet. The attackers then rerouted about 401,000 ETH ($1.46 billion) to addresses under their control. The funds were split across multiple intermediary wallets, a common tactic to obscure the transaction trail, Chainalysis said.
“The stolen assets were then moved through a complex web of intermediary addresses. This dispersion is a common tactic used to obfuscate the trail and hinder tracking efforts by blockchain analysts.”
The hackers converted portions of the stolen ETH to other assets, including Bitcoin (BTC) and Dai (DAI). They used decentralized exchanges (DEXs), crosschain bridges and an instant swap service without Know Your Customer (KYC) protocols to move assets across different networks.
Following this, the funds have remained dormant across multiple addresses, which Chainalysis described as a deliberate strategy used by North Korean hackers.
“By delaying laundering efforts, they aim to outlast the heightened scrutiny that typically immediately follows such high-profile breaches,” Chainalysis wrote.
Crypto community freezes $40 million in stolen Bybit funds
With the hackers’ laundering efforts ongoing, Chainalysis highlighted that the inherent transparency of public blockchains allows cybersecurity firms to trace and monitor the attackers’ illicit activity.
Chainalysis has already worked with contacts in the industry to help freeze over $40 million of the funds stolen from Bybit. The company said it would continue collaborating with the public and private sectors to seize as much as possible.
In a statement to Cointelegraph, Chainalysis said the hack highlights the need to proactively invest in threat prevention. The firm added that there’s a need for transparency in user fund protection. “Exchanges will need to articulate to their regulators and users how they ensure that user funds are protected,” Chainalysis said.
The company added that strong partnerships between the private and public sectors can strengthen the community’s ability to respond to such incidents.
This article first appeared at Cointelegraph.com News