Unchained

North Korean Hackers Are Winning. Is the Crypto Industry Ready to Stop Them? - Ep. 789

Feb 25, 2025

Taylor Monahan, a security expert at MetaMask, joins to discuss the alarming rise of North Korean hackers, particularly the notorious Lazarus group, following the historic $1.5 billion Bybit hack. They delve into the mechanics of such sophisticated attacks, highlighting social engineering tactics that prey on unsuspecting employees. Monahan shares insights on how these hackers launder stolen funds and stresses the crypto industry's urgent need for improved security measures to combat these evolving threats.

01:27:05

Creator website

Episode guests

Taylor Monahan

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Bybit hack, resulting in the theft of $1.5 billion, showcased severe vulnerabilities in the crypto industry's security protocols and practices.

North Korean hackers, particularly the Lazarus group, rely on social engineering tactics and compartmentalization to execute sophisticated cyberheists while laundering stolen funds.

Experts emphasize the urgent need for a collaborative response within the crypto industry to enhance security measures and mitigate future hacking threats.

Deep dives

Low Trust Environment of North Korean Hackers

North Korean threat actors operate within a very low trust environment, which significantly influences the dynamics of their hacking and laundering operations. Individual operatives often do not trust each other, leading to an atmosphere where everyone is suspicious of their peers and superiors. This mistrust requires hackers to work in a highly compartmentalized fashion, making it difficult for them to rely on team cohesion as seen in Western cultures. The culture of distrust impacts their efficiency, as they must ensure that every transaction and operation is closely monitored to prevent betrayal.

Intro

2min

The Bybit Breach: Lessons in Crypto Security

14min

Enhancing Ethereum Security Against Blind Signing Attacks

2min

The Importance of Transaction Vigilance in Crypto Security

3min

Exploring North Korean Cyber Attacks on Cryptocurrency Systems

4min

Navigating Crypto Crisis: North Korean Hacking Tactics

23min

Cryptocurrency Vulnerabilities and North Korean Hacking Tactics

13min

Securing Cryptocurrency: Combatting Fraud and Laundering

24min

$1.5 billion gone in an instant. And what’s worse, to fund a nuclear weapons program.

The largest crypto hack in history just hit Bybit, and the culprit is the infamous North Korean hacking group, Lazarus. Known for some of the most sophisticated cyber heists ever, they often use social engineering tactics and start by tricking low level employees. Although they can often wait to launder funds, in the case of Bybit they started right away.

How did this happen? Could it have been prevented? And what does this mean for the security of the entire crypto industry?

Taylor Monahan, security at MetaMask, and Jonty, a senior investigator at zeroShadow, talk all about it.

Show highlights:

2:53 Taylor’s and Jonty’s backgrounds and why they are relevant to this discussion
6:06 What the mechanics of the hack were
13:03 How Lazarus usually operates and the tactic of blind signing
17:11 Jonty’s important tips for people handling large amounts of crypto
23:45 How Bybit was able to say almost immediately that their other assets were secure
29:02 How much exchanges typically hold in each cold wallet
32:00 Why the evidence of the hack points to North Korean group Lazarus
41:01 Why North Korean hackers don’t care if their attack is linked to them
49:30 How Lazarus typically social engineers its hacks
53:48 Why Jonty thinks the industry needs a serious upgrade in terms of security
58:08 How the funds get laundered in such cases and what the industry can do
1:09:54 The chances Lazarus actually makes money from the hack
1:15:34 How DeFi protocols should approach this problem

Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com

Thank you to our sponsors!

Guests:

Taylor Monahan, Security at MetaMask
Jonty, a senior investigator at zeroShadow

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Unchained

North Korean Hackers Are Winning. Is the Crypto Industry Ready to Stop Them? - Ep. 789

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Low Trust Environment of North Korean Hackers

Details of the Bybit Hack

Inefficacies in Crypto Security Practices

Laundering Techniques Employed by North Korea

The Need for a Collective Response in Crypto

Show highlights:

Thank you to our sponsors!

Guests:

Links

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Unchained

North Korean Hackers Are Winning. Is the Crypto Industry Ready to Stop Them? - Ep. 789

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Low Trust Environment of North Korean Hackers

Details of the Bybit Hack

Inefficacies in Crypto Security Practices

Laundering Techniques Employed by North Korea

The Need for a Collective Response in Crypto

Show highlights:

Thank you to our sponsors!

Guests:

Links

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights