this interview w/ one of the only #cybersecurity people in the crypto industry who has any idea what he's talking about goes through all the incredible failures at every level of both #Bybit & #SafeWallet (whose main product is #GnosisSafe, AKA "the most important smart contract in the industry"), from the most basic opsec to permissioning to whatever, and is a fun time if you're interested in that kind of thing.

tl;dr the whole crypto industry is an absolute clown car. a clown car that stores $1.4 billion in a single account that the entire C-suite can access.

https://www.youtube.com/watch?v=W82FxAK9Acg

#infosec #LazarusGroup #NorthKorea #DPRK #crypto

Bybit Should Have Checked the Hash - Unchained w/ Mudit Gupta


#Bybit released the conclusions of their investigation into how they got rekt for $1.4 billion by North Korea's #LazarusGroup. Summary:

1. (background) Bybit were dumb enough to store billions of dollars in a single wallet contract using software from a company called SafeWallet (a "Gnosis Safe")

2. A dev machine of SafeWallet (name is lol) was compromised by Lazarus and used to access SafeWallet's cloud data stores (S3)

3. Malicious JavaScript was pushed to the cloud drive and eventually distributed in a release (?).

4. The malicious JavaScript code targeted specifically the Bybit contract address to change the content of the transaction during the signing / approval process.

* Bybit reports: https://docsend.com/view/s/rmdi832mpt8u93s7#
* Full Statement from SafeWallet: https://x.com/safe/status/1894768522720350673

in a normal world Bybit could probably sue SafeWallet, but I'm sure SafeWallet barely exists as an entity.

#infosec #cybersecurity #safewallet #gnosissafe #ethereum #DPRK #NorthKorea #crime #hackers #blackhat

A Ukrainian stablecoin has launched. To mark the occasion, the equivalent of 300,000 UAH in tokens is being given away

The WhiteBIT ecosystem is launching UAHg, the first Ukrainian hryvnia stablecoin, pegged 1:1 to the Ukrainian hryvnia. To celebrate the launch, UAHg, in partnership with WhiteBIT, has started a bounty campaign with a prize pool of 300,000 UAHg tokens (equivalent to 300,000 UAH) for participants. In this partner piece with UAHg, we explain exactly how the new crypto project will be useful and which tasks need to be completed, […]

ITC.ua