

Bybit’s $1.4B breach. [Research Saturday]
Apr 5, 2025
Zach Edwards, a researcher at Silent Push who specializes in North Korean cyberattacks and cryptocurrency heists, uncovers the dark intricacies of the $1.4 billion Bybit hack. He reveals how Lazarus Group's tactics, like fake job scams and VPN usage, pose significant risks to crypto users. The discussion highlights alarming connections to state-sponsored cybercrime and offers insights on improving cybersecurity through community collaboration. Edwards' research illustrates the urgent need for vigilance against the ever-evolving threat landscape in cryptocurrency.
Bybit Hack and Lazarus Group Link
- The Bybit hack, a $1.4 billion crypto heist, prompted investigation into Lazarus Group.
- Researchers found the domain bybit-assessment[.]com, registered hours before the attack, linked to Lazarus.
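The brand-plus-lure domain pattern described above (a brand name paired with a recruiting word such as "assessment", registered hours before an incident) is something a defender can triage automatically. The following is an added example written for this page, not code from Silent Push or from the episode: it scores a domain for brand impersonation and adds a recency signal from the registration timestamp. The brand list, lure-word list, timestamps and the event time are constructed placeholders; the only indicator taken from the page is bybit-assessment[.]com, written defanged.

```python
from datetime import datetime, timezone

# Brand names to protect and recruiting/assessment lure words. Both lists are
# assumptions for this example, not lists taken from the episode.
BRANDS = ["bybit"]
LURE_WORDS = ["assessment", "interview", "careers", "hiring", "task", "test"]


def refang(indicator):
    """Turn a defanged indicator such as example[.]com into example.com."""
    return indicator.replace("[.]", ".").replace("(.)", ".").strip().lower()


def lookalike_score(domain, brands=BRANDS, lure_words=LURE_WORDS):
    """Score a domain for brand impersonation; returns (score, reasons).

    The registrable label (approximated here as the second-to-last label) is
    split on hyphens. A label that embeds a brand but is not the brand itself
    scores 2; pairing that brand with a lure word such as 'assessment' adds 2.
    """
    labels = refang(domain).split(".")
    registrable = labels[-2] if len(labels) >= 2 else labels[0]
    tokens = registrable.replace("_", "-").split("-")
    score, reasons = 0, []
    for brand in brands:
        if brand in registrable and registrable != brand:
            score += 2
            reasons.append(f"embeds brand '{brand}' in '{registrable}'")
            lures = [t for t in tokens if t in lure_words]
            if lures:
                score += 2
                reasons.append(f"paired with lure word(s) {lures}")
    return score, reasons


def hours_between(registered_at, event_at):
    """Hours from domain registration to the event of interest (ISO 8601 UTC)."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    reg = datetime.strptime(registered_at, fmt).replace(tzinfo=timezone.utc)
    evt = datetime.strptime(event_at, fmt).replace(tzinfo=timezone.utc)
    return (evt - reg).total_seconds() / 3600


def triage(domain, registered_at, event_at, fresh_hours=48):
    """Combine the lookalike score with registration recency relative to an event."""
    score, reasons = lookalike_score(domain)
    age = hours_between(registered_at, event_at)
    if score and 0 <= age <= fresh_hours:
        score += 1
        reasons.append(f"registered {age:.1f}h before the event")
    return {"domain": refang(domain), "score": score, "reasons": reasons}


# Constructed feed: every timestamp below is made up for the example, and the
# event time is a placeholder rather than the real incident time.
EVENT_AT = "2025-01-01T12:00:00Z"
FEED = [
    ("bybit-assessment[.]com", "2025-01-01T03:00:00Z"),  # indicator named in the episode
    ("bybit.com", "2010-01-01T00:00:00Z"),               # the brand's own domain, scores 0
    ("weather-report.org", "2024-12-31T20:00:00Z"),      # unrelated fresh domain, scores 0
]

if __name__ == "__main__":
    for dom, reg in FEED:
        print(triage(dom, reg, EVENT_AT))
```

The recency bonus is only applied when the domain already looks like an impersonation, so ordinary fresh registrations are not flagged on age alone; in a real pipeline the registration timestamp would come from an RDAP or WHOIS lookup rather than an inline feed.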
Lazarus Subgroup Targeting
- The bybit-assessment[.]com domain was used by Contagious Interview, a Lazarus subgroup, not by TraderTraitor, the subgroup behind the Bybit heist.
- Different Lazarus subgroups target the same companies, providing opportunities to understand other North Korean threat actors.
Lazarus Attack Method
- Lazarus targeted SafeWallet developers, likely through phishing, and compromised a developer's device.
- They altered code to redirect Bybit's transfer to their wallet, stealing the funds and laundering them quickly.
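The attack method summarised above turns on altered code redirecting a transfer to a destination the signer did not intend. Two defensive checks that address this are verifying the integrity of the wallet front-end being served and comparing the destination in the raw payload to be signed against what the interface displays and against an allowlist. The block below is an added example written for this page, not code from Bybit, SafeWallet or the episode; the bundle contents, addresses and hash are constructed placeholders.

```python
import hashlib
import json

# Constructed placeholders: a trusted front-end bundle and a cold-wallet
# destination. Neither value comes from the incident described on the page.
GOOD_BUNDLE = b"console.log('trusted wallet ui');"
PINNED_BUNDLE_SHA256 = hashlib.sha256(GOOD_BUNDLE).hexdigest()
COLD_WALLET = "0x" + "11" * 20
OTHER_WALLET = "0x" + "ee" * 20  # constructed, stands in for an unexpected destination
TRUSTED_DESTINATIONS = {COLD_WALLET}


def bundle_is_pinned(bundle_bytes, pinned=PINNED_BUNDLE_SHA256):
    """True only if the served front-end bundle hashes to the pinned value."""
    return hashlib.sha256(bundle_bytes).hexdigest() == pinned


def parse_transfer(raw_tx_json):
    """Parse the raw transaction payload that would actually be signed.

    The destination is taken from the payload itself, never from the UI,
    so a tampered interface cannot substitute what is checked here.
    """
    tx = json.loads(raw_tx_json)
    return {"to": tx["to"].lower(), "value": int(tx["value"])}


def approve_signing(ui_shown_to, raw_tx_json, bundle_bytes,
                    trusted=TRUSTED_DESTINATIONS):
    """Return (ok, reason) for a signing request.

    Refuses when the front-end bundle is not the pinned build, when the raw
    payload disagrees with the destination the UI displays, or when the
    destination is not on the allowlist of known-good addresses.
    """
    if not bundle_is_pinned(bundle_bytes):
        return False, "front-end bundle hash does not match the pinned value"
    tx = parse_transfer(raw_tx_json)
    if tx["to"] != ui_shown_to.lower():
        return False, f"UI shows {ui_shown_to} but payload sends to {tx['to']}"
    if tx["to"] not in {a.lower() for a in trusted}:
        return False, f"destination {tx['to']} is not on the allowlist"
    return True, "ok"


if __name__ == "__main__":
    honest = json.dumps({"to": COLD_WALLET, "value": "1000"})
    redirected = json.dumps({"to": OTHER_WALLET, "value": "1000"})
    # Honest transfer through the pinned bundle is approved.
    print(approve_signing(COLD_WALLET, honest, GOOD_BUNDLE))
    # UI still shows the cold wallet, but the payload was redirected: refused.
    print(approve_signing(COLD_WALLET, redirected, GOOD_BUNDLE))
    # Bundle tampered with, refused before the payload is even inspected.
    print(approve_signing(COLD_WALLET, honest, GOOD_BUNDLE + b"// injected"))
```

The second check is the one that matters most here: it reads the destination from the bytes that will be signed, independently of the interface, so a compromised front-end can only succeed if it also alters the payload in a way the allowlist accepts.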