North Korea’s Lazarus Group has successfully executed a massive cyber heist, draining $1.5 billion in Ethereum from cryptocurrency exchange Bybit in a recent supply chain attack. The FBI, in a public service announcement on Wednesday, confirmed that the attack was orchestrated by a North Korean state-sponsored threat group known as TraderTraitor, or Lazarus Group.
According to the FBI, the cybercriminals behind this attack converted some of the stolen funds into bitcoin while hiding the rest across various addresses on multiple blockchains. Blockchain analytics vendor CertiK, in its technical analysis of the incident, described this sophisticated operation as the “largest breach in Web3 history.”
Bybit CEO Ben Zhou took to social media to share some preliminary findings of an investigation conducted by Sygnia Labs and Verichains, attributing the attack to malicious code originating from SafeWallet’s infrastructure. SafeWallet released a statement acknowledging the breach and detailing the forensic review that revealed how the attack was carried out through the compromised machine of a SafeWallet developer.
Following the incident, SafeWallet has ramped up its security protocols and implemented additional measures to prevent such attacks in the future. Users are now prompted with a pop-up message on the website urging them to verify transactions on their signer wallets before approving them.
This heist is a stark reminder of the growing threat landscape in the cryptocurrency sector. While attacks on cryptocurrency exchanges have been on the rise, the scale of this theft sets a new record. Previous attacks, such as those against decentralized finance platforms, pale in comparison to the $1.5 billion stolen from Bybit.
The Lazarus Group has been involved in multiple high-profile cryptocurrency attacks in recent years. In 2022, they were linked to a massive heist targeting Axie Infinity, where $620 million in cryptocurrency was stolen. The U.S. Office of Foreign Assets Control took action against Blender.io for laundering some of the stolen assets from this attack.
Aside from targeting cryptocurrency exchanges, Lazarus Group also poses a threat to other industries. The health sector, for instance, has been warned about the group’s activities, as Lazarus has been actively targeting healthcare organizations.
The nefarious activities of groups like Lazarus highlight the importance of robust cybersecurity measures, especially in the rapidly evolving world of cryptocurrencies. As the digital asset ecosystem continues to grow, stakeholders must remain vigilant against the persistent threat of cyber attacks.
Arielle Waldman, a news writer for Informa TechTarget covering enterprise security, contributed to this report.

