Posted on 04/05/2025 11:17:45 AM PDT by EnderWiggin1970
It all happened overnight and in a matter of minutes. Ben Zhou, CEO of the cryptocurrency exchange Bybit, made a series of routine transfers from his home computer. A short while later, his company called to inform him that his reserves of Ethereum, the second most-used cryptocurrency after Bitcoin, worth $1.5 billion, had vanished. By then, the ethers had already been transferred to thousands of other people’s digital wallets. Bybit had just suffered the largest theft in history. Five days later, the FBI confirmed what some analysts suspected from the outset: the attack was the work of Lazarus, a hacking group supported by the North Korean government that has become the scourge of the crypto sector.
Zhou went out of his way to appear calm on social media immediately after the cyberattack, even sharing the heart rate displayed on his smartwatch to convey that everything was under control. The entrepreneur assured his clients affected by the theft that they would receive 100% of their deposits back. Fearing a panic in the sector, some of Bybit’s competitors, such as Bitget, lent Zhou $100 million in interest-free ether to help repay their deposits, The New York Times reported.
But the damage was done. Less than 24 hours later, Bybit customers had withdrawn around $10 billion worth of cryptocurrency, almost half of the platform’s total managed volume. The value of Bitcoin, the benchmark cryptocurrency, fell 20% the day after the cyberattack, its worst day since the 2022 bankruptcy of FTX, the exchange run by Sam Bankman-Fried, the most popular crypto broker at the time.
(Excerpt) Read more at english.elpais.com ...
Reading this was really irritating. For all the sophistication of the Lazarus team, Bybit was making astonishing mistakes operationally. No serious online exchange should have CEOs sitting at home in their underwear making unilateral billion-dollar transfers.
Even smaller-value, routine withdrawals and other transfers should only be happening with employees and hardware (and software) in dedicated secure facilities using silos - physically and computationally separate departments, such that multiple independent transactions need to be made to the blockchain to release funds (M of N multisig, in industry parlance). Combined with competent real-time monitoring and "3rd party" (another silo) verification of all such transaction requests, this would greatly complicate any hacking efforts. (Plus, any huge transfers should be broken down into reasonably smaller TX - they should have a policy of never doing a single TX over $100M, for example, and staggering a series of such TX at 1/minute, for example, to ensure no more than 1 TX is at risk at a time.)
There are exchanges with great long term track records in this area (Kraken for example); those who are lax won't exist in the long term. Consumers should press for exchanges to publish the principles (but not precise details) used by exchanges to safeguard funds, and audits should be done to ensure they are followed.
The good news is this crime only affects centralized, 1st generation crypto exchanges (CEXs). Hackers can't empty the vaults of decentralized exchanges (DEXs) because they never have custody of customer funds. Once you exchange your old government money for crypto and get it off the exchange you can transact freely with other individuals and businesses without ever touching a bank/CEX and its vulnerabilities.
NK says they’re sorry, will send a check to repay.
As soon as we submit payment of $14.99 to cover the cost of sending the check, right? ;-)
Just make sure they don’t try to repay with cash. Those rascals are pretty good at counterfeiting US currency.
Anyone capable of pulling off a crypto scam is certainly capable of making it look like someone else did it.
The first investigation starts in house.
Thanks for that insight. Wouldn’t they need someone to let them know that the CEO periodically makes transfers from a cold wallet to a hot wallet? Doesn’t sound like normal security protocols, and just the type of lax security in place to facilitate a heist like this. In other words, an inside job.
Isn’t it about time things started randomly exploding in the hermit kingdom?
CC
Any requests for transfer should be sent to a number of separate entities. For example, to a verification department, with the verification department's software reflecting back to the requestor's webpage the details of the request so they can see if anything changed. And then to multiple other departments, each of which would sign a transaction and submit it to the blockchain as well as back to the first department to ensure the details have not been altered by a copy/paste attack.
I'm not a security pro and this is just off the cuff; I'm sure more security measures and review checks could be added. But any system is only as secure as its weakest link, and so even an exchange boasting of great security is worthless if it has a back door for the CEO to login with PW=Admin and skip all the security "rigamarole."
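As an added example, not from any post in this thread and not Bybit's or any exchange's actual controls, here is a small Python model of the controls the two posts above propose: a large transfer split into capped, staggered chunks; M-of-N approval by physically separate silos for each chunk; and a reflect-back check in which every silo recomputes a digest of the request as it is actually shown on that silo's own hardware, so that a request altered between requester and signer (the "copy/paste attack") is caught rather than outvoted. The policy constants, the silo model, the function names and the sample transfer are all assumptions made for this example.

```python
from __future__ import annotations

import hashlib
import json

# Assumed policy constants for this example (illustrative, not any exchange's real limits)
MAX_TX_USD = 100_000_000        # never a single transaction over $100M
STAGGER_SECONDS = 60            # release one chunk per minute
QUORUM_M, SIGNERS_N = 3, 5      # 3 of 5 independent silos must approve each chunk


def canonical_digest(tx: dict) -> str:
    """Hash the transfer exactly as the requester intends it.

    Each silo recomputes this from the request bytes it is actually shown, so a
    request altered in transit (swapped destination, changed amount, extra
    fields) yields a different digest and is detectable."""
    blob = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def split_transfer(tx: dict, cap_usd: int = MAX_TX_USD,
                   stagger_s: int = STAGGER_SECONDS) -> list[dict]:
    """Break one large transfer into chunks of at most cap_usd, each scheduled
    stagger_s after the previous one, so at most one chunk is in flight."""
    chunks, remaining, seq = [], tx["amount_usd"], 0
    while remaining > 0:
        amount = min(cap_usd, remaining)
        chunks.append({**tx, "amount_usd": amount, "seq": seq,
                       "not_before_s": seq * stagger_s})
        remaining -= amount
        seq += 1
    return chunks


def silo_decision(silo_view: dict, expected_digest: str) -> bool:
    """One silo's vote: sign only if the request as displayed on its own hardware
    hashes to what the requester committed to (the reflect-back check)."""
    return canonical_digest(silo_view) == expected_digest


def authorize_chunk(chunk: dict, silo_views: list[dict | None],
                    m: int = QUORUM_M, n: int = SIGNERS_N) -> tuple[bool, str]:
    """M-of-N approval with a tamper tripwire.

    silo_views[i] is the request as silo i sees it (None = silo unavailable, so
    it abstains). Any present silo whose view does not match the requester's
    digest aborts the chunk even if m others agree: disagreement between silos
    is evidence of tampering somewhere on the path, not an honest outvote."""
    if len(silo_views) != n:
        return False, f"expected {n} silo views, got {len(silo_views)}"
    expected = canonical_digest(chunk)
    present = [(i, v) for i, v in enumerate(silo_views) if v is not None]
    mismatched = [i for i, v in present if not silo_decision(v, expected)]
    if mismatched:
        return False, f"silos {mismatched} saw a different transaction; abort and alert"
    if len(present) < m:
        return False, f"only {len(present)} of {n} silos approved, need {m}"
    return True, f"{len(present)}-of-{n} approved seq {chunk['seq']}"


if __name__ == "__main__":
    # Constructed sample request (made-up wallet labels): a $1.5B cold-to-hot move.
    request = {"from": "cold-wallet-01", "to": "hot-wallet-07",
               "asset": "ETH", "amount_usd": 1_500_000_000}
    chunks = split_transfer(request)
    print(f"{len(chunks)} chunks, last one not before t+{chunks[-1]['not_before_s']}s")

    honest = [dict(chunks[0]) for _ in range(SIGNERS_N)]
    print(authorize_chunk(chunks[0], honest))

    # Silo 2's signing screen shows a different destination than the requester asked for.
    tampered = [dict(chunks[0]) for _ in range(SIGNERS_N)]
    tampered[2]["to"] = "attacker-wallet"
    print(authorize_chunk(chunks[0], tampered))
```

The design choice worth noticing is that a single mismatching silo aborts the chunk instead of being outvoted. A plain M-of-N quorum only helps if the signers are shown the same honest transaction; if every signer's screen is fed the same altered request, a majority will happily sign it. What gives the check its teeth is that each silo recomputes the digest independently from the original request over its own channel and hardware, so the attacker has to compromise the requester's commitment and every silo's view consistently, and any slip trips the alarm.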
As the article mentions, Lazarus group has been ID’d as the culprit in dozens of attacks now. I agree with you in principle that obfuscation is a concern, but there’s been quite the body of evidence the last few years and I haven’t heard the Norks denying anything. I think they have gotten pretty arrogant in imagining themselves untouchable since they have state backing (and are funding the NK state, I don’t think this is going into individual hackers’ pockets.)
What scares me the most is that our government has no way to recover the losses, yet they are looking at implementing crypto as legal tender FOR the US. There is no FDIC insurance for crypto, and people can, and are, literally bankrupted in a millisecond and the FBI cannot do a thing about it. I know, it happened to me.
Hacky bumpy.
I don’t get it.
First I must admit my knowledge of crypto was limited.
But I have often heard how crypto is supposed to be so safe, because the blockchain is stored in multiple computer systems worldwide, and every specific transaction is tracked in those multiple systems.
From my limited knowledge, it should be impossible for crypto to just be stolen, because of how the blockchain tracks every single transaction in multiple places.
When did this happen? The link just says "after 2022."
So is that Nork money?
But the script they ran and the fact that it is this f-----g easy, means a true systemic global Mt. Gox that decapitates BTC and triggers the complete implosion of all crypto is just around the corner. And sh!t is going to get real weird real fast when that happens...
You save lots of cash by letting your people starve unless they join the army. Then you got money to hire hackers to make more money. Black market organ transplants from felons and political prisoners to rich foreigners very big money maker, too. Who says I can’t balance budget.
This sneaky pete passive aggressive crap will only end when we put the world on notice that cyber crime is now an act of cyber war.
Then we start sinking ships, cratering planes, and seizing assets anywhere in the world by keyboard, quill and kinetic weapons.
A couple dozen prize ships docking in NYC crewed by the USN would send a message.
Hoist the Jolly Roger, the Clean Sweep Broom, and break out the kill stencils and rattle cans!
The only thing that changes during a transaction or a theft is the new residence of those particular Bitcoins.
The people who own Bitcoins have a unique 64-bit alphanumeric pass code into their Bitcoin account, or multiple accounts.
Misplace your pass codes? Bye, bye, Bitcoins, at least until quantum computers can hunt them down.
Anyway, that is my anecdotal understanding.
My wife likes to tell me that I’m very smart, and indeed it takes some brains to be a master electrician.
But after reading through this thread I’m once again slapped with just how ignorant I really am.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.