Bybit’s $1.4B breach started with fake stock investment malware, investigation shows



North Korean hackers stole $1.4 billion from Bybit after compromising a Safe developer’s Mac laptop through a fake stock investment project, which helped them bypass AWS security, Mandiant reveals.

According to the Mandiant investigation, the $1.4 billion Bybit hack, now the biggest crypto theft in history, started with malware from a fake stock investment project, which compromised a Safe developer’s Mac laptop and bypassed Amazon Web Services security.

In a March 6 article on X, Safe revealed that a North Korean hacking group compromised the laptop of a Safe{Wallet} developer, “Developer 1”, and used the stolen session tokens to bypass multi-factor authentication.

According to the Mandiant investigation, the breach occurred on 4 February, when a Docker project presenting itself as a “Stock Investment Simulator” was downloaded to Developer 1’s Mac. The project interacted with a suspicious domain ([.]com), leading to the installation of malware.

It is not clear how Developer 1 was induced to download the malware onto the workstation, but the investigation states that a similar social engineering strategy has already been used by the hacking group in previous attacks.

The Mandiant report also found that the attackers hijacked Developer 1’s active, MFA-authenticated AWS user session tokens through the malware on Developer 1’s workstation. These hijacked tokens allowed the hackers to reach AWS services without needing to pass the MFA check. According to the report, the attack was conducted from an IP address associated with a VPN service and with security tooling designed for offensive hacking.
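A replayed session token still carries its MFA flag, so the usable signal in AWS CloudTrail is the same temporary access key appearing from a new source IP. The sketch below is an added example, not code from Safe or Mandiant; it runs that check over constructed sample records, and the key IDs, IPs and function names are assumptions.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style records (sample data, not from the incident).
# Field names follow the CloudTrail record format; keys and IPs are made up.
SAMPLE_LOG = """
{"eventTime":"2025-01-01T09:00:00Z","eventName":"ListBuckets","sourceIPAddress":"198.51.100.10","userAgent":"aws-cli/2.15","userIdentity":{"accessKeyId":"ASIAEXAMPLESESSION01","sessionContext":{"attributes":{"mfaAuthenticated":"true"}}}}
{"eventTime":"2025-01-01T09:05:00Z","eventName":"GetObject","sourceIPAddress":"198.51.100.10","userAgent":"aws-cli/2.15","userIdentity":{"accessKeyId":"ASIAEXAMPLESESSION01","sessionContext":{"attributes":{"mfaAuthenticated":"true"}}}}
{"eventTime":"2025-01-01T09:40:00Z","eventName":"PutObject","sourceIPAddress":"203.0.113.77","userAgent":"Boto3/1.34","userIdentity":{"accessKeyId":"ASIAEXAMPLESESSION01","sessionContext":{"attributes":{"mfaAuthenticated":"true"}}}}
{"eventTime":"2025-01-01T09:45:00Z","eventName":"ListBuckets","sourceIPAddress":"198.51.100.25","userAgent":"aws-cli/2.15","userIdentity":{"accessKeyId":"ASIAEXAMPLESESSION02","sessionContext":{"attributes":{"mfaAuthenticated":"true"}}}}
"""

def parse_events(text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_reused_sessions(events):
    """Return {accessKeyId: [hits]} for MFA-backed temporary credentials seen
    from a source IP other than the one that first used them."""
    first_ip = {}
    findings = defaultdict(list)
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ident = ev.get("userIdentity", {})
        key = ident.get("accessKeyId", "")
        attrs = ident.get("sessionContext", {}).get("attributes", {})
        # Temporary (STS) keys start with ASIA; the MFA flag is logged as a string.
        if not key.startswith("ASIA") or attrs.get("mfaAuthenticated") != "true":
            continue
        ip = ev["sourceIPAddress"]
        baseline = first_ip.setdefault(key, ip)  # first IP seen for this session
        if ip != baseline:
            findings[key].append({
                "time": ev["eventTime"], "event": ev["eventName"], "ip": ip,
                "baseline_ip": baseline, "user_agent": ev.get("userAgent", ""),
            })
    return dict(findings)

if __name__ == "__main__":
    for key, hits in find_reused_sessions(parse_events(SAMPLE_LOG)).items():
        for h in hits:
            print(f"{key}: {h['event']} at {h['time']} from {h['ip']} "
                  f"(session first seen from {h['baseline_ip']})")
```

A source IP can also change for legitimate reasons such as a network switch, so a hit is a triage signal to correlate with the user agent and the actions taken rather than proof of theft.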

“There are some gaps in fully establishing some aspects of the attack, as the attacker removed his malware and cleared the bash history in an attempt to thwart the investigation.”

Safe

As a remedy, Safe{Wallet} reset its infrastructure, restricting external access. It also says it is working with a blockchain security firm to detect malicious transactions. According to Safe, its smart contracts were not affected by the breach.

Cryptocurrency exchange Bybit revealed in early March that about 20% of the stolen funds are now inaccessible, less than two weeks after the exchange lost $1.46 billion in a highly sophisticated attack. In an X post, Bybit CEO Ben Zhou revealed that about 77% of the stolen funds remain traceable, but about 20% have “gone dark” through mixing services.


