Close Menu
Global News HQ
    What's Hot

    Lucite Is the Trending Furniture with Lasting Appeal—Designers Reveal Top Styling Tips

    June 28, 2025

    Why Investing Abroad Could Pay Off

    June 28, 2025

    NYC real estate reels from primary, while big deals emerged

    June 28, 2025
    Recent Posts
    • Lucite Is the Trending Furniture with Lasting Appeal—Designers Reveal Top Styling Tips
    • Why Investing Abroad Could Pay Off
    • NYC real estate reels from primary, while big deals emerged
    • How to Master Leadership and Prevent ‘Owner Bottleneck’ From Hindering Your Team
    • The best iRobot vacuums of 2025: Expert tested and reviewed
    Facebook X (Twitter) Instagram YouTube TikTok
    Trending
    • Lucite Is the Trending Furniture with Lasting Appeal—Designers Reveal Top Styling Tips
    • Why Investing Abroad Could Pay Off
    • NYC real estate reels from primary, while big deals emerged
    • How to Master Leadership and Prevent ‘Owner Bottleneck’ From Hindering Your Team
    • The best iRobot vacuums of 2025: Expert tested and reviewed
    • Don’t Toss Old Cardboard! 5 Ways to Reuse It in Your Garden for Better Soil and Fewer Pests
    • Ralph Pucci Marks 70 Years with ‘PURE’ at Château La Coste – Elite Traveler
    • Weekly Horoscope For June 30-July 6, 2025, From The AstroTwins
    Global News HQ
    • Technology & Gadgets
    • Travel & Tourism (Luxury)
    • Health & Wellness (Specialized)
    • Home Improvement & Remodeling
    • Luxury Goods & Services
    • Home
    • Finance & Investment
    • Insurance
    • Legal
    • Real Estate
    • More
      • Cryptocurrency & Blockchain
      • E-commerce & Retail
      • Business & Entrepreneurship
      • Automotive (Car Deals & Maintenance)
    Global News HQ
    Home - Cryptocurrency & Blockchain - Safe’s internal investigation reveals developer’s laptop breach led to Bybit hack
    Cryptocurrency & Blockchain

    Safe’s internal investigation reveals developer’s laptop breach led to Bybit hack

    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Safe’s internal investigation reveals developer’s laptop breach led to Bybit hack
    Share
    Facebook Twitter LinkedIn Pinterest Email



    Safe published a preliminary report on Mar. 6 attributing the breach that led to the Bybit hack to a compromised developer laptop. The vulnerability resulted in the injection of malware, which allowed the hack.

    The perpetrators circumvented multi-factor authentication (MFA) by exploiting active Amazon Web Services (AWS) tokens, enabling unauthorized access.

    This allowed hackers to modify Bybit’s Safe multi-signature wallet interface, changing the address to which the exchange was supposed to send roughly $1.5 billion worth of Ethereum (ETH), resulting in the largest hack in history.

    Compromise of developer workstation

    The breach originated from a compromised macOS workstation belonging to a Safe developer, referred to in the report as “Developer1.”

    On Feb. 4, a contaminated Docker project communicated with a malicious domain named “getstockprice[.]com,” suggesting social engineering tactics. Developer 1 added files from the compromised Docker project, compromising their laptop.

    The domain was registered via Namecheap on Feb. 2. SlowMist later identified getstockprice[.]info, a domain registered on Jan. 7, as a known indicator of compromise (IOC) attributed to the Democratic People’s Republic of Korea (DPRK). 

    Attackers accessed Developer 1’s AWS account using a User-Agent string titled “distrib#kali.2024.” Cybersecurity firm Mandiant, tracking UNC4899, noted that this identifier corresponds to Kali Linux usage, a toolset commonly used by offensive security practitioners. 

    Additionally, the report revealed that the attackers used ExpressVPN to mask their origins while conducting operations. It also highlighted that the attack resembles previous incidents involving UNC4899, a threat actor associated with TraderTraitor, a criminal collective allegedly tied to DPRK. 

    In a prior case from September 2024, UNC4899 leveraged Telegram to manipulate a crypto exchange developer into troubleshooting a Docker project, deploying PLOTTWIST, a second-stage macOS malware that enabled persistent access.

    Exploitation of AWS security controls

    Safe’s AWS configuration required MFA re-authentication for Security Token Service (STS) sessions every 12 hours. Attackers attempted but failed to register their own MFA device. 

    To bypass this restriction, they hijacked active AWS user session tokens through malware planted on Developer1’s workstation. This allowed unauthorized access while AWS sessions remained active.

    Mandiant identified three additional UNC4899-linked domains used in the Safe attack. These domains, also registered via Namecheap, appeared in AWS network logs and Developer1’s workstation logs, indicating broader infrastructure exploitation.

    Safe said it has implemented significant security reinforcements following the breach. The team has restructured infrastructure and bolstered security far beyond pre-incident levels. Despite the attack, Safe’s smart contracts remain unaffected.

    Safe’s security program included measures such as restricting privileged infrastructure access to a few developers, enforcing separation between development source code and infrastructure management, and requiring multiple peer reviews before production changes.

    Moreover, Safe vowed to maintain monitoring systems to detect external threats, conduct independent security audits, and utilize third-party services to identify malicious transactions.

    Mentioned in this article



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleAmazon CLO David Zapolsky on His SLOBS Risk-Reward Test, Why He Sorts Emails Oldest to Newest and How He Keeps His Life in Kilter
    Next Article US backtracks on Canada-Mexico tariffs in latest sharp shift on trade

    Related Posts

    XRP spikes 3% after Garlinghouse says Ripple dropping SEC cross-appeal

    June 28, 2025

    Gemini launches tokenized US stock trading in EU starting with MSTR

    June 28, 2025

    Ripple drops cross-appeal as SEC set to follow, closing XRP case

    June 28, 2025

    Public Keys: Copycat Lawsuits for Bitcoin Giant Strategy, Coinbase Hits All-Time High – Decrypt

    June 28, 2025
    Leave A Reply Cancel Reply

    ads
    Don't Miss
    Home Improvement & Remodeling
    6 Mins Read

    Lucite Is the Trending Furniture with Lasting Appeal—Designers Reveal Top Styling Tips

    Key Takeaways Lucite’s translucent nature keeps rooms feeling open and airy, making it great for…

    Why Investing Abroad Could Pay Off

    June 28, 2025

    NYC real estate reels from primary, while big deals emerged

    June 28, 2025

    How to Master Leadership and Prevent ‘Owner Bottleneck’ From Hindering Your Team

    June 28, 2025
    Top
    Home Improvement & Remodeling
    6 Mins Read

    Lucite Is the Trending Furniture with Lasting Appeal—Designers Reveal Top Styling Tips

    Key Takeaways Lucite’s translucent nature keeps rooms feeling open and airy, making it great for…

    Why Investing Abroad Could Pay Off

    June 28, 2025

    NYC real estate reels from primary, while big deals emerged

    June 28, 2025
    Our Picks
    Home Improvement & Remodeling
    6 Mins Read

    Lucite Is the Trending Furniture with Lasting Appeal—Designers Reveal Top Styling Tips

    Key Takeaways Lucite’s translucent nature keeps rooms feeling open and airy, making it great for…

    Finance & Investment
    11 Mins Read

    Why Investing Abroad Could Pay Off

    Each day, hundreds of millions of market participants around the world follow the news and…

    Pages
    • About Us
    • Contact Us
    • Disclaimer
    • Homepage
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube TikTok
    • Home
    © 2025 Global News HQ .

    Type above and press Enter to search. Press Esc to cancel.

    Go to mobile version