EddieJayonCrypto
7 Mar 25
Safe's preliminary report on Mar. 6 attributes the Bybit hack to a compromised developer laptop, leading to the modification of Safe's multi-signature wallet interface and resulting in the largest hack in history.
The breach originated from a compromised macOS workstation. The attackers used ExpressVPN to mask their origins and exhibited similarities to previous incidents associated with the DPRK.
Attackers circumvented AWS security controls by hijacking active AWS user session tokens, which gave them unauthorized access. Safe has since implemented significant security reinforcements.
Safe's internal investigation into the Bybit hack reveals that a compromised developer laptop led to the breach, allowing hackers to inject malware and modify Bybit's wallet interface, resulting in a $1.5 billion Ethereum hack.
The attackers exploited Amazon Web Services (AWS) tokens and used tactics associated with a threat actor linked to the Democratic People’s Republic of Korea. They also bypassed multi-factor authentication and utilized ExpressVPN to mask their origins.
Safe has since implemented enhanced security measures and infrastructure restructuring to prevent future incidents. Despite the breach, Safe's smart contracts remain unaffected.