Global News HQ
    Safe’s internal investigation reveals developer’s laptop breach led to Bybit hack

    Safe published a preliminary report on Mar. 6 attributing the breach that led to the Bybit hack to a compromised developer laptop. The vulnerability resulted in the injection of malware, which allowed the hack.

    The perpetrators circumvented multi-factor authentication (MFA) by exploiting active Amazon Web Services (AWS) tokens, enabling unauthorized access.

    This allowed hackers to modify Bybit’s Safe multi-signature wallet interface, changing the address to which the exchange was supposed to send roughly $1.5 billion worth of Ethereum (ETH), resulting in the largest hack in history.

    Compromise of developer workstation

    The breach originated from a compromised macOS workstation belonging to a Safe developer, referred to in the report as “Developer1.”

    On Feb. 4, a contaminated Docker project communicated with a malicious domain named “getstockprice[.]com,” suggesting social engineering tactics. Developer1 added files from the compromised Docker project, compromising their laptop.

    The domain was registered via Namecheap on Feb. 2. SlowMist later identified getstockprice[.]info, a domain registered on Jan. 7, as a known indicator of compromise (IOC) attributed to the Democratic People’s Republic of Korea (DPRK). 

    Attackers accessed Developer1’s AWS account with the User-Agent string “distrib#kali.2024.” Cybersecurity firm Mandiant, tracking UNC4899, noted that this identifier corresponds to Kali Linux usage, a toolset commonly used by offensive security practitioners.

    Additionally, the report revealed that the attackers used ExpressVPN to mask their origins while conducting operations. It also highlighted that the attack resembles previous incidents involving UNC4899, a threat actor associated with TraderTraitor, a criminal collective allegedly tied to DPRK. 

    In a prior case from September 2024, UNC4899 leveraged Telegram to manipulate a crypto exchange developer into troubleshooting a Docker project, deploying PLOTTWIST, a second-stage macOS malware that enabled persistent access.

    Exploitation of AWS security controls

    Safe’s AWS configuration required MFA re-authentication for Security Token Service (STS) sessions every 12 hours. Attackers attempted but failed to register their own MFA device. 

    To bypass this restriction, they hijacked active AWS user session tokens through malware planted on Developer1’s workstation. This allowed unauthorized access while AWS sessions remained active.
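
    One way a defender could hunt for this pattern in CloudTrail data, as an added example (not code from Safe, Mandiant or the article): it flags the user-agent marker quoted above and any temporary (ASIA-prefixed) session key later used from a different source IP than its first use. The sample events, key IDs, user agents and IPs are constructed.

```python
from collections import defaultdict

# Constructed CloudTrail-style records for illustration (not taken from the Safe report).
# IPs come from documentation ranges; key IDs and user agents are made up.
def _ev(time, key, ip, ua, name):
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userAgent": ua, "userIdentity": {"accessKeyId": key}}

MAC_UA = "aws-cli/2.x os/macos"
KALI_UA = "aws-cli/2.x os/linux md/distrib#kali.2024"
SAMPLE_EVENTS = [
    _ev("2025-01-01T09:00:00Z", "ASIAEXAMPLEKEY0001", "198.51.100.10", MAC_UA, "GetCallerIdentity"),
    _ev("2025-01-01T09:30:00Z", "ASIAEXAMPLEKEY0001", "198.51.100.10", MAC_UA, "ListBuckets"),
    _ev("2025-01-01T10:15:00Z", "ASIAEXAMPLEKEY0001", "203.0.113.77", KALI_UA, "ListUsers"),
    _ev("2025-01-01T10:20:00Z", "ASIAEXAMPLEKEY0002", "198.51.100.20", MAC_UA, "ListBuckets"),
    _ev("2025-01-01T10:25:00Z", "AKIAEXAMPLEKEY0003", "203.0.113.99", MAC_UA, "ListBuckets"),
]

# Marker from the article; extend with whatever your own baseline says is unexpected.
SUSPICIOUS_UA_MARKERS = ("distrib#kali",)

def find_session_anomalies(events):
    """Return {accessKeyId: [reasons]} for keys whose usage looks hijacked."""
    first_ip = {}                      # session key -> source IP of its first use
    findings = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev.get("userIdentity", {}).get("accessKeyId", "")
        ip, ua = ev.get("sourceIPAddress", ""), ev.get("userAgent", "")
        when, name = ev["eventTime"], ev.get("eventName", "?")
        # Check 1: user agent carries a marker never expected on developer machines.
        if any(m in ua.lower() for m in SUSPICIOUS_UA_MARKERS):
            findings[key].append(f"{when} {name}: unexpected user agent {ua!r}")
        # Check 2: only STS temporary credentials (ASIA prefix) are tracked for
        # IP drift; an MFA-backed session replayed elsewhere keeps the same key ID.
        if not key.startswith("ASIA"):
            continue
        baseline = first_ip.setdefault(key, ip)
        if ip != baseline:
            findings[key].append(f"{when} {name}: session moved {baseline} -> {ip}")
    return dict(findings)

if __name__ == "__main__":
    for key, reasons in find_session_anomalies(SAMPLE_EVENTS).items():
        print(key)
        for reason in reasons:
            print("  ", reason)
```

    Source-IP drift alone also fires for legitimate VPN or network changes, so treat it as a triage signal to correlate with the user-agent check rather than a verdict.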

    Mandiant identified three additional UNC4899-linked domains used in the Safe attack. These domains, also registered via Namecheap, appeared in AWS network logs and Developer1’s workstation logs, indicating broader infrastructure exploitation.

    Safe said it has implemented significant security reinforcements following the breach. The team has restructured infrastructure and bolstered security far beyond pre-incident levels. Despite the attack, Safe’s smart contracts remain unaffected.

    Safe’s security program included measures such as restricting privileged infrastructure access to a few developers, enforcing separation between development source code and infrastructure management, and requiring multiple peer reviews before production changes.

    Moreover, Safe vowed to maintain monitoring systems to detect external threats, conduct independent security audits, and utilize third-party services to identify malicious transactions.
