$ ~/archive/ play bybit-heist
transcript_decrypted.log
[0.0] February 25, 12,030 p.m., Coordinated Universal Time. Inside the operations center of Bybit, a cryptocurrency exchange headquartered in Dubai, handling tens of billions of dollars in daily trading volume, a scheduled transfer begins.

[18.419] 401,347 Ethereum tokens, approximately $1.5 billion at that moment. The transfer is routine, from Bybit's multi-signature cold wallet held offline for security to a warm wallet used for operational liquidity.

[35.34] Three senior Bybit employees are required to authorize the transaction. They open the Safe wallet interface on their workstations. They review the destination address. They review the transaction details. Everything matches the expected operation. They sign.

[54.299] One minute later. 401,000 Ethereum tokens are gone. Not transferred to the warm wallet. Transferred to an address controlled by North Korea.

[65.64] No passwords were stolen. No private keys were extracted. No credentials were phished. Bybit's own infrastructure was not compromised. The three signers did exactly what their procedures instructed them to do. What they saw on their screens, they approved. What they saw on their screens was allowed. And what they did not, they wouldn't lie.

[86.299] This is the largest single cryptocurrency theft ever recorded. It is, by Guinness World Records classification, the largest bank heist in history, exceeding even the $1 billion Saddam Hussein extracted from Iraq's central bank in 2003. It was executed by changing a single file on a website.

[106.739] The attack did not target Bybit directly. Bybit's infrastructure, servers, employee workstations, signing hardware, internal networks, was never penetrated. Every subsequent forensic investigation conducted by independent firms, Sygnia and Verichains, confirmed the same finding. Bybit was not hacked.

[131.12] The company that was hacked was Safe, formerly Gnosis Safe, the most widely used multi-signature wallet platform in the Ethereum ecosystem. Safe maintains the web interface at app.safe.global, through which most institutional Ethereum holders manage multi-party authorization of large transactions. Safe's engineering team numbers approximately 30 people. Among them, a small group of system administrators have permissions to modify the live production codebase and the deployed web interface. Approximately 30 days before February 21, one of those system administrators is targeted.

[173.0] The vector is consistent with the playbook of the North Korean unit, internally tracked by the Federal Bureau of Investigation as TraderTraitor. The unit is a subcomponent of the broader Lazarus Group, operating out of the Third Bureau of North Korea's Reconnaissance General Bureau. The specific technique is not publicly disclosed by Safe or by investigators. Most likely, a highly targeted social engineering approach, routing through a LinkedIn contact, a developer forum, or a technical collaboration pretext. The administrator downloads what appears to be a legitimate technical artifact. The artifact contains malware.

[213.52] The malware steals AWS session tokens, not long-lived credentials, the temporary authentication tokens that Safe's developers use during their normal workday to access Amazon Web Services, where Safe's web interface is hosted. With those tokens, the attackers gain access to Safe's AWS account.

[234.659] They do not extract data. They do not deploy ransomware. They do not attempt lateral movement through the infrastructure. They modify one JavaScript file. The file served from Safe's Amazon S3 storage bucket is the front-end JavaScript that renders the transaction approval interface in Bybit's signers' browsers. The modified version contains what forensic investigators later describe as conditional malicious logic.

[265.0] For the vast majority of Safe users, ordinary holders, other exchanges, decentralized finance projects, the modified JavaScript behaves identically to the legitimate version. The interface renders normally. Transactions process as expected. Nothing looks wrong. The malicious code exits using a fictitious web worth tool called Presuw. It executes only when specific conditions are met. Those conditions are engineered precisely for Bybit. The code checks: Is this session authenticated against one of three specific wallet addresses? Is the transaction being proposed a transfer from Bybit's Ethereum cold wallet? If both conditions are true, proceed.

[310.68] If both conditions are true, the malicious JavaScript intercepts the transaction data just before it is displayed to the signers. It substitutes the transaction logic. What the signers see on their screen, destination address, amount, operation type, remains visually identical to the legitimate intended transfer. What they are actually signing is a delegate call to a contract controlled by North Korea.

[339.18] In Ethereum, delegate call is a primitive that allows one smart contract to execute code in the contract. In Ethereum, the signer is able to execute code in the context of another, with full access to the caller's storage and funds. When a signer approves a transaction that includes a delegate call, they are not merely transferring funds. They are granting the called contract full control over the calling wallet. By approving what they believe is a routine transfer, the three Bybit signers grant a North Korean-controlled contract total ownership of their cold wallet.

[377.579] The agreement to the transaction of the account was signed by the signer and the token of All three of the signers are the same signer. They had multiple authentication enabled on their accounts. All three signed decree accounts, including the security keys, and none of them mattered. The deception happened at the layer above authentication, at the layer where the signer's own eyes interpret what the signer is being asked to approve.

[402.72] What is the journey of the transaction once the transaction is approved? Soon after the transaction has been completed, the transaction will be sent to the signer. The malicious JavaScript on Safe's website is deleted. The modified file is replaced with the legitimate version. Any subsequent visitor to app.safe.global receives clean code. The evidence is gone from the live environment.

[422.3] But Safe's infrastructure is not the only place the file was served. Wayback Machine archives, the public archive of the web maintained by the Internet Archive, had captured the malicious version during its active deployment window. When investigators reconstruct the attack, the archived file becomes central forensic evidence. The attackers had not anticipated that the public web archive was quietly making copies of their exploit.

[452.04] Bybit's detection systems flag the anomaly within minutes. CEO Ben Zhou publicly confirms the theft within hours. Blockchain analysis firms begin tracing the theft with the stolen Ethereum in real time. The laundering operation has already started.

[469.1] North Korea's cryptocurrency laundering methodology is mature. Within the first 48 hours after the theft, blockchain analysts estimate that approximately $160 million in Ethereum is successfully laundered through decentralized exchanges and cross-chain bridges. The assets are converted, fragmented, mixed through privacy protocols, and reconstituted across thousands of blockchain addresses. The preferred conversion target is Bitcoin.

[499.56] Bitcoin's transaction model uses unspent transaction outputs, a structure that treats every transaction as a discrete unit, analogous to physical cash. Tracing a specific dollar value through Bitcoin requires following individual UTXOs across many addresses, an exponentially more complex forensic task than tracing an Ethereum account. North Korea's laundering unit, designated by the FBI as TraderTraitor, converts most of the stolen Ethereum to Bitcoin within the first week.

[531.58] The FBI issues a public service announcement on February 26, 2025, five days after the attack, formally attributing the theft to North Korea. The bureau releases 51 Ethereum addresses identified as part of the laundering infrastructure. It calls on exchanges, decentralized finance platforms, and blockchain intelligence firms to block transactions derived from those addresses. The attribution is rapid by the standards of nation-state cyber attack investigations. It is enabled by pattern matching.

[568.99] The addresses used to move Bybit's stolen funds overlap, at specific points, with addresses used in prior cryptocurrency thefts. The 2024 Phemex theft, the 2024 BingX theft, the 2023 Poloniex theft. Blockchain intelligence firms, Elliptic and TRM Labs, along with independent investigator ZachXBT, establish the overlaps within days. The same operators are running the same laundering infrastructure across repeated heists. The infrastructure is the signature.

[604.72] Context for the scale. According to multiple blockchain intelligence firms, the Lazarus Group and its subcomponents have stolen, over a multi-year period, an estimated $3.4 to over $6 billion in cryptocurrency. In 2024 alone, North Korean-linked theft accounted for over $2 billion. Bybit's $1.5 billion, taken in a single operation, exceeds the next largest single heist, the 2024 theft of $308 million from Japan's DMM Bitcoin exchange, by a factor of 5. The funds flow, through laundering networks, into accounts controlled by the Democratic People's Republic of Korea government. Treasury Department designations have established repeatedly that these accounts finance North Korea's weapons programs, including ballistic missile development and its nuclear program.

[663.519] Bybit, for its part, survives. The company is solvent. Within hours of the theft, CEO Ben Zhou arranges bridge loans and strategic inflows from other institutional holders to replenish reserves. Customer funds remain protected. No user lost deposited assets. The exchange launches a recovery bounty program, offering up to 10% of any funds recovered to those who help trace or seize them. The vast majority of the stolen Ethereum has not been recovered.

[696.279] The unresolved elements of this case file are structural. Bybit did nothing wrong by the standards of cryptocurrency custody best practices. It used cold storage for its reserves. It used multi-signature authorization for transfers. It used a reputable third-party interface provider. It used hardware security keys for its signers. Every defensive control the industry recommends, Bybit implemented. The attack bypassed all of them by compromising a layer outside Bybit's control.

[728.799] Safe, the interface provider, serves thousands of institutional clients. Any of those clients could have been the target. Bybit was selected because the attackers had, through their initial reconnaissance, identified its cold wallet addresses and transaction patterns in advance. The conditional JavaScript was engineered around those specific data points.

[752.159] The underlying architectural weakness is general, not specific. Any web interface used for signing cryptocurrency transactions is, by definition, a potential point-of-display manipulation. If the interface can be subtly modified, through compromise of its hosting infrastructure, its content delivery network, its source code repository, or its deployment pipeline, a signer cannot, in most implementations, independently verify what they are actually signing.

[783.72] Hardware wallets with independent transaction display are a partial mitigation. But many hardware wallets do not decode complex transaction structures like delegate call in human-readable form. They show a raw hash. A user staring at a 64-character hexadecimal string cannot verify its meaning by inspection. The user has to trust the interface.

[810.2] North Korea demonstrated, on February 25, 2025, the cost of that trust.

[817.34] Fragment zero will track the case file. The stolen funds continue to fragment across the global blockchain. Portions remain static in addresses that have been tagged and sanctioned. Portions continue to move. The FBI's 51 identified addresses have grown to several hundred across multiple chains. The developer at Safe, whose machine was compromised, has not been publicly named. The specific social engineering vector used to reach him has not been publicly detailed.

[849.34] The Lazarus Group continues to operate. In the months following the Bybit theft, smaller but still substantial thefts, measured in tens of millions of dollars, have been attributed to the same infrastructure.

[864.799] The deeper question is not whether cryptocurrency can be stolen. The deeper question is how much financial infrastructure now relies on a small number of open-source interface projects, maintained by small teams, updated through live deployment pipelines, consumed through web browsers, that sit between billions of dollars in assets and the humans authorizing them.

[890.379] In this case, the number of people who could have prevented the largest theft in history was one. And he clicked on something.

The Bybit Heist: How North Korea Stole 1.5 Billion in 47 Minutes
