Bybit $1.4B Hack Post-Mortem: How North Korea's Lazarus Group Targeted Cold Wallets
A detailed technical analysis of the Bybit hack reveals how the Lazarus Group used a novel multi-signature compromise technique to drain cold storage wallets undetected.
The technical post-mortem of the Bybit $1.4B hack reveals one of the most sophisticated cryptocurrency theft operations ever documented. The Lazarus Group, a North Korean state-sponsored hacker collective, used a previously undocumented multi-signature wallet compromise technique that bypassed standard cold storage security measures.
Attack Vector
The attackers compromised three of five signers for Bybit's Ethereum cold wallet through targeted spear-phishing campaigns that installed custom malware capable of intercepting hardware wallet signing requests. The malware modified transaction destinations while displaying correct addresses to signers.
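The defensive counterpart to the technique described above is to decode the exact bytes submitted for signing on an independent machine and compare every destination with an allowlist agreed out-of-band, rather than trusting the address shown on the signer's screen. The Python code below is an added example, not code from Bybit or from the original article; it covers legacy unsigned Ethereum transactions plus ERC-20 transfer calldata (slightly beyond the case in the text), and the function names and allowlist are assumptions.

```python
ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

def _length(buf, pos, base):
    """Return (payload_start, payload_len) for an RLP string or list header."""
    n, start = buf[pos] - base, pos + 1
    if n >= 56:                                   # long form: length of length
        ll = n - 55
        start, n = pos + 1 + ll, int.from_bytes(buf[pos + 1:pos + 1 + ll], "big")
    if start + n > len(buf):
        raise ValueError("truncated RLP")
    return start, n

def rlp_decode(buf, pos=0):
    """Decode one RLP item starting at pos; return (item, next_pos)."""
    b = buf[pos]
    if b < 0x80:                                  # single byte is its own value
        return buf[pos:pos + 1], pos + 1
    start, n = _length(buf, pos, 0x80 if b < 0xc0 else 0xc0)
    if b < 0xc0:                                  # byte string
        return buf[start:start + n], start + n
    items, p = [], start                          # list
    while p < start + n:
        item, p = rlp_decode(buf, p)
        items.append(item)
    return items, start + n

def destinations(payload):
    """Return (to, token_recipient) from an unsigned legacy transaction."""
    fields, end = rlp_decode(payload)
    if end != len(payload) or not isinstance(fields, list) \
            or len(fields) not in (6, 9) or any(isinstance(f, list) for f in fields):
        raise ValueError("not a legacy unsigned transaction")  # refuse unknown formats
    to, data = fields[3], fields[5]
    # ERC-20 transfer: the real recipient is the low 20 bytes of argument 0.
    recipient = data[16:36] if data[:4] == ERC20_TRANSFER and len(data) >= 36 else None
    return to, recipient

def safe_to_sign(payload, approved):
    """True only if every address the payload sends to is on the allowlist."""
    return all(a in approved for a in destinations(payload) if a is not None)

# Unsigned payload from the EIP-155 specification example (to = 0x3535...35).
SAMPLE = bytes.fromhex("ec098504a817c80082520894" + "35" * 20
                       + "880de0b6b3a764000080018080")
APPROVED = {bytes.fromhex("35" * 20)}             # constructed allowlist
# Constructed tampered copy: identical fields, destination swapped.
TAMPERED = SAMPLE.replace(bytes.fromhex("35" * 20), bytes.fromhex("66" * 20))

if __name__ == "__main__":
    for name, p in (("sample", SAMPLE), ("tampered", TAMPERED)):
        print(name, "0x" + destinations(p)[0].hex(), safe_to_sign(p, APPROVED))
```

The check only helps when it runs on a host that does not share the signers' workstation or its software, and it should reject any payload it cannot fully parse.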


