Close Menu
Altcoin ObserverAltcoin Observer
  • Regulation
  • Bitcoin
  • Altcoins
  • Market
  • Analysis
  • DeFi
  • Security
  • Ethereum
Categories
  • Altcoins (3,621)
  • Analysis (3,723)
  • Bitcoin (4,351)
  • Blockchain (2,157)
  • DeFi (2,623)
  • Ethereum (2,760)
  • Event (119)
  • Exclusive Deep Dive (1)
  • Landscape Ads (2)
  • Market (2,714)
  • Press Releases (12)
  • Reddit (2,847)
  • Regulation (2,474)
  • Security (4,009)
  • Thought Leadership (3)
  • Videos (44)
Hand picked
  • Aave V4 Surpasses $250 Million – But Liquidity Challenge Remains
  • 3 Things That Could Impact Crypto Markets This Week
  • Ethereum Foundation Veteran Admits ETH Lacks Clear Value Story
  • XRP Holds $1 Line as Altcoin Traders Wait for Instructions
  • Why is GWEI up 18% today? US volume, short squeeze risks and more…
We are social
  • Facebook
  • Twitter
  • Instagram
  • YouTube
Facebook X (Twitter) Instagram
  • About us
  • Disclaimer
  • Terms of service
  • Privacy policy
  • Contact us
Facebook X (Twitter) Instagram YouTube LinkedIn
Altcoin ObserverAltcoin Observer
  • Regulation
  • Bitcoin
  • Altcoins
  • Market
  • Analysis
  • DeFi
  • Security
  • Ethereum
Events
Altcoin ObserverAltcoin Observer
Home»Ethereum»Safe’s internal survey reveals that the developer’s laptop’s laptop was led to Bybit Hack
Ethereum

Safe’s internal survey reveals that the developer’s laptop’s laptop was led to Bybit Hack

March 8, 2025No Comments
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Hack bybit.jpg
Share
Facebook Twitter LinkedIn Pinterest Email



Safe published a preliminary report On March 6, attributing the violation which led to the hacking of bybt to a compromised developer laptop. Vulnerability has led to the injection of malware, which allowed hacking.

The authors bypassed multi-factory authentication (MFA) by operating the Amaton Web Services (AWS) tokens (AWS), allowing unauthorized access.

This allowed the pirates to modify the multi-signature portfolio interface of Bybit, modifying the address to which the exchange was supposed to send about 1.5 billion dollars of Ethereum (ETH), which resulted in the greatest hacking in history.

Compromise of the developer workstation

The violation comes from a compromise macOS workstation belonging to a safe developer, called in the “Developer1” report.

On February 4, a contaminated Docker project communicated with a malicious area called “GetstockPrice (.) Com”, suggesting social engineering tactics. Developer 1 added files from the Docker Compromise project, compromising their laptop.

The domain was recorded via Namecheap on February 2. Slowmist then identified GetstockPrice (.) Info, an area recorded on January 7, as an indicator known to the compromise (CIO) attributed to the Democratic People’s Republic of Korea (DPRC).

The attackers acceded to developer 1 AWS account using a user agent chain entitled “Distrib # Kali.2024”. The mandiant cybersecurity company, following UNC4899, noted that this identifier corresponds to the use of Kali Linux, a set of tools commonly used by offensive safety practitioners.

In addition, the report revealed that the attackers used ExpressVPN to hide their origins when carrying out operations. He too Stressed that the attack resembles previous incidents involving UNC4899, a threat actor associated with Traderraitor, a criminal collective allegedly linked to RPDC.

In an earlier case from September 2024, UNC4899 operated Telegram to manipulate an crypto exchange developer in the troubleshooting of a Docker project, deployment of Plottwist, a second -stage macos malware which allowed persistent access.

Operating AWS security checks

SAFE’s AWS configuration requested MFA Réauthetification for Safety Token Service (STS) every 12 hours. The attackers tried but failed to record their own MFA device.

To get around this restriction, they diverted the AWS active user session tokens via malware planted on the Developer1 work station. This allowed unauthorized access when the AWS sessions remained active.

Mandiant has identified three areas related to an additional UNC4899 used in the safe attack. These areas, also recorded via Namecheap, appeared in AWS Network Logs and the Developer1 work logs, indicating a broader exploitation of infrastructure.

Safe said that he had implemented significant security reinforcements following the violation. The team restructured infrastructure and strengthened security far beyond the preliminary levels. Despite the attack, Safe’s smart contracts do not remain affected.

Safe’s security program included measures such as restriction of access to privileged infrastructure to a few developers, applying the separation between the source of development and the management of infrastructure, and requiring several peers’ journals before changes in production.

In addition, he has committed safely to maintain surveillance systems to detect external threats, perform independent security audits and use third -party services to identify malware.

Mentioned in this article



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleAnon, Avaa and Layer are available for trading!
Next Article Blockchain, the crypto comes to Hud?

Related Posts

Ethereum

Ethereum divides into three power centers and ETH treasury companies pay two of them.

July 2, 2026
Ethereum

Ethereum for Governments and Institutions: Why Neutral Infrastructure Matters Now

July 1, 2026
Ethereum

Ethereum’s oldest wallets sell off at the $1,500 demand line that buyers can’t dodge

June 27, 2026
Add A Comment
Leave A Reply Cancel Reply

Single Page Post
Share
  • Facebook
  • Twitter
  • Instagram
  • YouTube
Featured Content
Event

Dutch Blockchain Week 2026 strengthens position as Europe’s leading B2B blockchain event week

April 14, 2026

Amsterdam, April 2026 – Dutch Blockchain Week 2026 is rapidly evolving into one of Europe’s…

Event

Global Games Show Riyadh: The Ultimate Creator & Influencer Hub

March 31, 2026

The fast-evolving gaming ecosystem of Riyadh is powered by solid national investment, a flourishing esports…

1 2 3 … 82 Next
  • Facebook
  • Twitter
  • Instagram
  • YouTube

Aave V4 Surpasses $250 Million – But Liquidity Challenge Remains

July 6, 2026

Why is GWEI up 18% today? US volume, short squeeze risks and more…

July 6, 2026

Why VELVET’s 12% Drop Could Be the Start of a Bullish Pattern

July 5, 2026
Facebook X (Twitter) Instagram LinkedIn
  • About us
  • Disclaimer
  • Terms of service
  • Privacy policy
  • Contact us
© 2026 Altcoin Observer. all rights reserved by Tech Team.

Type above and press Enter to search. Press Esc to cancel.

bitcoin
Bitcoin (BTC) $ 63,163.00
ethereum
Ethereum (ETH) $ 1,775.77
tether
Tether (USDT) $ 0.999004
bnb
BNB (BNB) $ 583.37
usd-coin
USDC (USDC) $ 0.999735
xrp
XRP (XRP) $ 1.14
solana
Solana (SOL) $ 80.73
tron
TRON (TRX) $ 0.328501
figure-heloc
Figure Heloc (FIGR_HELOC) $ 1.01
staked-ether
Lido Staked Ether (STETH) $ 2,265.05