The Federal Bureau of Investigation (FBI) has officially attributed the recent $1.5 billion cyberattack on cryptocurrency exchange Bybit to North Korea’s state-sponsored Lazarus Group. The attack, which occurred on February 21, saw hackers infiltrate one of Bybit’s cold wallets and steal over 41,000 ETH.
This breach added to a growing list of high-profile cryptocurrency heists orchestrated by North Korean hacking entities.
In a joint Cybersecurity Advisory (CSA) issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department, authorities warned about the increasing cyber risks posed by North Korea-backed advanced persistent threat (APT) groups.
The Lazarus Group, also known by aliases such as APT38, BlueNoroff, and Stardust Chollima, has been conducting cyber theft operations since at least 2020. The entity has been known for systematically targeting cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn gaming platforms, as well as venture capital firms investing in digital assets.
The advisory outlined the group’s tactics, which include social engineering, spearphishing campaigns, and the deployment of trojanized cryptocurrency applications to infiltrate networks and exfiltrate funds.
According to US authorities, North Korean hackers use sophisticated malware strains, including the notorious AppleJeus malware, to compromise cryptocurrency platforms. These cyber actors frequently exploit vulnerabilities in financial technology firms and blockchain infrastructure to launder stolen digital assets, ultimately funneling funds back to the North Korean regime.
The Bybit hack follows a familiar pattern, with attackers using deceptive recruitment tactics to lure employees into downloading compromised trading applications, referred to as “TraderTraitor.” These applications are designed with cross-platform JavaScript and Node.js to make them appear legitimate but contain hidden malware that allows attackers to gain unauthorized access to private keys and initiate fraudulent blockchain transactions.
With North Korea’s cyber theft operations continuing to escalate, the US government has reiterated its commitment to combating illicit activities in the cryptocurrency sector. The FBI urges cryptocurrency firms to strengthen cybersecurity measures, monitor for indicators of compromise (IOCs), and implement robust security protocols to mitigate risks associated with North Korean-backed cyber threats.
The post FBI Links $1.5 Billion Bybit Hack to North Korea’s Lazarus Group appeared first on CryptoPotato.
免責聲明:投資有風險,本文並非投資建議,以上內容不應被視為任何金融產品的購買或出售要約、建議或邀請,作者或其他用戶的任何相關討論、評論或帖子也不應被視為此類內容。本文僅供一般參考,不考慮您的個人投資目標、財務狀況或需求。TTM對信息的準確性和完整性不承擔任何責任或保證,投資者應自行研究並在投資前尋求專業建議。