R $ 8.6 BI LOSS: What we already know about the largest crypto money theft in history

Until last Friday (21), the largest crypto currency theft in history had been a poly network in 2021. At that time, the invaders directed $ 610 million (equivalent to $ 3.5 billion), but twice returned the full value. Weeks.

However, this ranking has changed with a new situation: Bybit’s hack is one of the largest crypto currencies in the world. Operation resulted in a deviation of $ 1.5 billion at a time (or $ 8.6 billion r in the transformation of direct currency).

https://www.youtube.com/watch?v=jmtuwgvarua

The event that includes Dubai -based company It is not only for the related value, but also for the complexity of the techniques used. To obtain access to crypos. Throughout the days, some details of the coup have emerged and strengthened that fraud plans have turned into a higher speed than the safety mechanisms created to prevent them.

What happened to Bybit

The broker announced on February 21 that he had detected an “unauthorized activity” in one of the crypto currency wallets containing Ethereum. The entire value stolen in a single operation contained approximately 400,000 units of ETH and Steth Ether (Steth) transferred to the same recipient.

The $ 8.6 billion R $ in Ethereum is stored in a “cold” wallet – a crypto currency storage account without direct connection with the Internet, moving values ​​from a special key without accessing blockchain.

This would make theft for difficulty, but the broker’s balance was further protected. The portfolio in question is a Multipleor multiple signatures, so An additional safety layer that requires two or more special keys with different peopleto give a transaction authority.

Master Cheat

How was this great value stolen with such care? Bybit claims this Everything happened in the process of transferring cold wallets and multiple features to “hot” walletsNetwork -connected accounts and every day to move customers’ encryption

Criminals Smart contract managed to manipulate the digital protocol and change the transaction signature interfaceIt causes people responsible for special switches to think that they approve a legitimate operation. In fact, they allowed all the stolen Ethereum to be sent to a cyber criminal account.

In other words, Blockchain’s security protocol had no vulnerability. The fraud included a possible occupation of Bybit’s internal systems or employee machines, which had a manipula interface to allow criminal procedures.

Who was responsible for theft?

Preliminary Analysis by Elliptics Lazarus Group is the main suspect and probably responsible for theft. Cyber ​​negative gang stems from North Korea, has connections with local government, and has been known for theft of large values ​​in crypto currencies for years.

It is known that Lazarus members use interface change malware and detailed social engineering forms to deceive large company employees. They are probably involved in the third largest theft in the crypto industry: A Deviation of about $ 550 million from the network associated with Axie Infinity.

Three days after the theft, which is accepted as a registration time and a good management example, Bybit increased the same amount in the backgrounds to continue to serve customers with reserves. However, the stolen money still has criminals: Already in the process of washing anonymous transfer to BitcoinHowever, the company aims to freeze stolen funds to save time and try to save at least some of the value.

As the checkpoint points, Even with many layers of protection, the invasion is considered to be a page return in the crypto currency sector.. The operation means that even the most complex systems used today are not completely unsuccessful and even if the monitoring of digital protocols is efficient, it is still a weaker connection in processes and becomes a target.

Would you like to learn more about data privacy, digital fraud and internet protection? Find in Tecmundo’s security department to stay informed!