Bybit hack forensics show SafeWallet compromise led to stolen funds

The forensic investigation of the Bybit hack found that malicious code originating from Safe's infrastructure was the root cause of the attack.

A series of third-party forensic investigations into the recent Bybit exploit revealed that compromised SafeWallet credentials led to more than $1.4 billion worth of Ether (ETH) being stolen by North Korea’s Lazarus Group.

On Feb. 26, Bybit confirmed that forensic reviews conducted by Sygnia and Verichains revealed that “the credentials of a Safe developer were compromised [...] which allowed the attacker to gain unauthorized access to the Safe(Wallet) infrastructure and totally deceive signers into approving a malicious transaction.” 

According to Sygnia’s report, the attack originated from a “malicious JavaScript code” injected into SafeWallet’s Amazon Web Services infrastructure.

The findings were also confirmed by the SafeWallet developer, which said it had “added security measures to eliminate the attack vector.”

“The Safe(Wallet) team has fully rebuilt, reconfigured all infrastructure, and rotated all credentials, ensuring the attack vector is fully eliminated,” the announcement said.

The SafeWallet team issues a full statement on social media. Source: Safe

The forensic experts and Safe confirmed that Bybit’s infrastructure was not compromised in the hack.

Related: Bybit $1.4B hack investigators tie over 11K wallets to North Korean hackers

Bybit suffers biggest crypto hack in history

The Bybit attack was carried out on Feb. 21 when Lazarus Group hackers stole more than $1.4 billion worth of liquid-staked Ether (STETH).

As Cointelegraph reported, the Bybit exploit was the largest in crypto history, dwarfing the 2022 Ronin Network attack and the 2021 Poly Network heist. The single attack also represented more than 60% of all crypto funds that were stolen last year, based on Cyvers data.

In the wake of the attack, Bybit quickly replenished users’ crypto assets and maintained operations without significant downtime. To meet customer withdrawals, the exchange borrowed 40,000 ETH from Bitget. Those funds have since been repaid to Bitget.

In total, the exchange restored its reserves through a combination of loans, asset purchases and large holder deposits.

Bybit CEO Ben Zhou also confirmed that the exchange is “back to 100%” full backing on client assets.

Source: Ben Zhou

Nevertheless, the attack has rattled investor confidence, leading to a sharp drop in Ether and the broader cryptocurrency market.