CyberWire Daily

Bybit’s $1.4B breach. [Research Saturday]

Apr 5, 2025

Zach Edwards, a researcher at Silent Push who specializes in North Korean cyberattacks and cryptocurrency heists, uncovers the dark intricacies of the $1.4 billion Bybit hack. He reveals how Lazarus Group's tactics, like fake job scams and VPN usage, pose significant risks to crypto users. The discussion highlights alarming connections to state-sponsored cybercrime and offers insights on improving cybersecurity through community collaboration. Edwards' research illustrates the urgent need for vigilance against the ever-evolving threat landscape in cryptocurrency.

35:32

Creator website

Episode guests

Zach Edwards

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The investigation into the $1.4 billion Bybit hack uncovered links to the Lazarus Group through new, malicious domains indicating sophisticated planning.

Research highlights that traditional AppSec methods often fail to mitigate genuine risks, emphasizing the need to focus on the most impactful security issues.

Deep dives

Ineffective AppSec Programs and Their Costs

Many application security (AppSec) programs are failing to effectively reduce real risk, as highlighted by the alarming statistic that 95% of fixes do not address genuine threats. The conventional prioritization methods employed by traditional tools are often too generic, leading to an overwhelming number of alerts that can obscure high-impact threats. This inundation with critical alerts not only distracts teams but also results in significant financial implications, with threats that slip through costing ten times more to remediate after they reach production. Companies like Ox Security are now advocating for a more focused approach, directing attention towards the 5% of issues that truly matter before they can escalate in the cloud.

Intro

2min

Unraveling the Bybit Hack

13min

Enhancing Threat Detection Through Collaboration

3min

Insidious Recruitment Tactics of Lazarus Cyber Threats in the Crypto Sector

4min

Navigating Cybersecurity Threats in the Crypto Industry

5min

Uncovering Vulnerabilities: The Exposed Server Incident

3min

The Persistent Threat of North Korean Cybercrime in Cryptocurrency

2min

Zach Edwards from Silent Push is discussing their work on "New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks." Silent Push analysts uncovered significant infrastructure used by the Lazarus APT Group, linking them to the $1.4 billion Bybit crypto heist through the domain bybit-assessment[.]com registered just hours before the attack.

The investigation revealed a pattern of test entries, VPN usage, and fake job interview scams targeting crypto users, with malware deployment tied to North Korean threat actor groups like TraderTraitor and Contagious Interview. The team also identified numerous companies being impersonated in these scams, including major crypto platforms like Coinbase, Binance, and Kraken, to alert potential victims.

The research can be found here:

Silent Push Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Bybit’s $1.4B breach. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Ineffective AppSec Programs and Their Costs

Insights from the Bybit Hack Investigation

The Complexity of North Korean Cyber Threats

The research can be found here:

Remember Everything You Learn from Podcasts