
    Chainalysis Explains the $1.5 Billion Token Theft from Bybit

    Chainalysis investigates the $1.5 billion token theft from Bybit, uncovering key details about the breach and its potential impact.

    Updated Feb 25, 2025
    Soumava Goswami



    Chainalysis, a well-known blockchain analysis firm, has explained the security breach at Bybit, which resulted in the loss of tokens worth $1.5 billion. The firm also explained how the hack is consistent with the tactics of North Korea's (DPRK) Lazarus Group.

    On 21 February, the Bybit cryptocurrency exchange suffered a security breach in which it lost Ethereum (ETH) worth nearly $1.5 bn. Chainalysis calls it the largest digital heist in crypto history, and uses it to illustrate how state-sponsored cybercriminals are evolving their tactics.

    Chainalysis explains that the DPRK follows a common playbook for moving stolen cryptocurrency undetected: the attackers orchestrate social engineering attacks to gain access, then use intricate laundering methods to obscure the funds.

    Moreover, the analysts found that the stolen funds ended up in the same addresses used in earlier North Korean attacks, which further supports the conclusion that the theft was state-sponsored.

    Chainalysis Gives a Step-by-Step Analysis of the Bybit Hack

    According to Chainalysis, the attackers gained access to Bybit and stole crypto worth $1.5 bn through the following steps:

    1. Social Engineering: The attackers used phishing to compromise the cold wallet signers, who then signed malicious transactions. With those signatures, the attackers replaced the wallet's multi-signature contract implementation with their own.
    2. Unauthorized Transfer: The attackers intercepted a routine transfer from Bybit's cold wallet to a hot wallet. In doing so, they gained control of 401,000 ETH and moved it to their own addresses.
    3. Use of Intermediary Addresses: The attackers then moved the assets through intermediary addresses, a common tactic for frustrating tracking efforts.
    4. Currency Conversion: The attackers swapped the ETH for BTC and DAI, moving the assets through decentralized exchanges, cross-chain bridges, and a swap service that required no KYC.
    5. Dormancy of Funds: Once the funds were spread across many addresses, they were left dormant. This is a common method among North Korea-based attackers: by delaying laundering, they aim to avoid immediate scrutiny.
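The intermediary-hop and dormancy steps above are exactly what on-chain tracing exploits from the defender's side. The following is an added example, not code from the article or from Chainalysis: it walks a constructed mini-ledger outward from a compromised cold wallet, follows the funds across a swap into another asset, and flags the downstream addresses that are sitting on the funds without moving them. All addresses, timestamps and amounts are constructed placeholders.

```python
from collections import defaultdict, deque

# Constructed sample ledger (hypothetical; not real Bybit or Chainalysis data).
# Each row: (timestamp, sender, receiver, asset, amount)
LEDGER = [
    (100, "cold_wallet", "attacker_1", "ETH", 1000.0),  # unauthorized transfer out of the cold wallet
    (110, "attacker_1", "hop_a", "ETH", 600.0),         # split across intermediary addresses
    (111, "attacker_1", "hop_b", "ETH", 400.0),
    (150, "honest_user", "hop_b", "ETH", 5.0),          # unrelated inbound; honest_user must not be tainted
    (200, "hop_a", "dex_pool", "ETH", 600.0),           # swap ETH for DAI through a pool
    (200, "dex_pool", "hop_c", "DAI", 1_500_000.0),     # swap output continues the trail in a new asset
]


def trace_taint(ledger, origin):
    """Breadth-first walk of outgoing transfers starting at `origin`.
    Returns {address: hop_count} for every address downstream of the origin.
    Edges are followed regardless of asset, so a swap does not end the trail."""
    out_edges = defaultdict(list)
    for _ts, src, dst, _asset, _amt in ledger:
        out_edges[src].append(dst)
    hops = {origin: 0}
    queue = deque([origin])
    while queue:
        cur = queue.popleft()
        for nxt in out_edges[cur]:
            if nxt not in hops:          # first visit = shortest hop count
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops


def dormant_holders(ledger, tainted, now, window):
    """Downstream addresses that received funds, sent nothing onward, and whose
    last inbound transfer is at least `window` time units before `now`.
    These are the parked funds an investigator watches for later movement."""
    has_outgoing = {src for _ts, src, _dst, _asset, _amt in ledger}
    last_inbound = {}
    for ts, _src, dst, _asset, _amt in ledger:
        if dst in tainted:
            last_inbound[dst] = max(last_inbound.get(dst, -1), ts)
    return sorted(a for a in tainted
                  if a not in has_outgoing and last_inbound.get(a, now) <= now - window)


if __name__ == "__main__":
    tainted = trace_taint(LEDGER, "cold_wallet")
    print("downstream addresses by hop:", tainted)
    print("dormant holders:", dormant_holders(LEDGER, tainted, now=1000, window=500))
```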

    Chainalysis notes that blockchain technology's transparency poses a significant challenge for malicious actors, since every movement of the stolen funds is recorded. The firm therefore recommends that crypto exchanges focus on closer collaboration. Finally, it praised Bybit's swift response in covering customer losses.

    Soumava Goswami


    Editor

    Soumava is a crypto enthusiast and a believer in decentralization. For the last 6 years, he has spent most of his time learning about Blockchain and its intricacies. He also loves to analyze case studies of crypto success stories. He has been helping newbies learn about crypto, tech, and finance for more than six years through his blogs. His keen interest in fin-tech and investment fuels his passion for giving the best advice to willing crypto-investors.
