Bjarteblogg

How North Korea pulled off a $1.5 billion crypto heist—the biggest in history - Ars Technica

https://arstechnica.com/security/2025/02/how-north-korea-pulled-off-a-1-5-billion-crypto-heist-the-biggest-in-history/

The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.

[…]

In much the same way that nuclear arms systems are designed to require two or more authorized people to successfully authenticate themselves before a missile can be launched, multisig wallets need the digital signatures of two or more authorized people before assets can be accessed.

Bybit was largely following best practices by storing only as much currency as needed for day-to-day activity in warm and hot wallets, and keeping the rest in the multisig cold wallets. Transferring funds out of cold wallets required coordinated approval from multiple high-level employees of the exchange.

[…]

multiple systems inside Bybit had been hacked in a way that allowed the attackers to manipulate the Safe wallet UI on the devices of each person required to approve the transfer. That revelation, in turn, has touched off something of a eureka moment for many in the industry.

“The Bybit hack has shattered long-held assumptions about crypto security,” Dikla Barda, Roman Ziakin, and Oded Vanunu, researchers at security firm Check Point, wrote Sunday. “No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets.”
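The failure mode described above, as an added example that is not from the Ars Technica article or from Bybit or Safe: a threshold check only counts valid signatures over whatever payload was signed, so it holds only if each signer confirms that payload against the transfer they intend. HMAC stands in for real digital signatures, and the signer names, keys, 2-of-3 policy and transaction fields are all constructed assumptions.

```python
import hashlib, hmac, json

# Constructed demo keys; HMAC is a stand-in for each signer's real signature scheme.
SIGNER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
THRESHOLD = 2  # hypothetical 2-of-3 policy

def digest(tx: dict) -> bytes:
    """Canonical hash of the transaction fields a signature covers."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()

def sign(signer: str, tx_digest: bytes) -> bytes:
    return hmac.new(SIGNER_KEYS[signer], tx_digest, hashlib.sha256).digest()

def threshold_met(tx: dict, sigs: dict) -> bool:
    """Wallet-side check: count valid signatures over the submitted transaction."""
    d = digest(tx)
    valid = {s for s, sig in sigs.items()
             if s in SIGNER_KEYS and hmac.compare_digest(sig, sign(s, d))}
    return len(valid) >= THRESHOLD

def approve(signer: str, intended_tx: dict, payload_tx: dict, verify: bool):
    """The signer believes they approve intended_tx; the signing step receives
    payload_tx. With verify=True the signer recomputes the digest of the
    intended transfer independently and refuses to sign on a mismatch."""
    if verify and not hmac.compare_digest(digest(intended_tx), digest(payload_tx)):
        return None
    return sign(signer, digest(payload_tx))

def collect(intended_tx: dict, payload_tx: dict, verify: bool) -> dict:
    """Gather approvals from every signer, dropping refusals."""
    sigs = {s: approve(s, intended_tx, payload_tx, verify) for s in SIGNER_KEYS}
    return {s: sig for s, sig in sigs.items() if sig is not None}

# Constructed sample: the display shows INTENDED while the payload is SWAPPED.
INTENDED = {"to": "warm-wallet", "amount": 100}
SWAPPED = {"to": "unknown-address", "amount": 100}

if __name__ == "__main__":
    blind = collect(INTENDED, SWAPPED, verify=False)
    checked = collect(INTENDED, SWAPPED, verify=True)
    print("blind signing authorizes swapped payload:", threshold_met(SWAPPED, blind))
    print("verified signing authorizes swapped payload:", threshold_met(SWAPPED, checked))
```

The multisig check itself behaves correctly in both runs; what changes the outcome is whether signers compare the payload digest with one derived outside the compromised display path.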