SafeWallet, in collaboration with cybersecurity firm Mandiant, has released a detailed post-mortem report on the Bybit hack, which resulted in the theft of approximately $1.4 billion in cryptocurrency

  • News event
  • Claim

Name

SafeWallet, in collaboration with cybersecurity firm Mandiant, has released a detailed post-mortem report on the Bybit hack, which resulted in the theft of approximately $1.4 billion in cryptocurrency

Description

SafeWallet, in collaboration with Mandiant, released a post-mortem report on the Bybit hack, which resulted in the theft of $1.4 billion in cryptocurrency. The report revealed that North Korean hackers exploited an AWS session token from a compromised developer, injecting malicious code into SafeWallet’s UI to target Bybit users. The incident highlights critical security vulnerabilities in crypto platforms.

Types

News event
Claim

Event date

12:00am, Thursday, March 6, 2025

Quotes that support claims

According to a forensic analysis conducted by SafeWallet and cybersecurity firm Mandiant, the hacking group hijacked a Safe developer’s Amazon Web Services (AWS) session tokens to bypass the multifactor authentication security measures put in place by the firm.
Mandiant’s forensic analysis also confirmed that the hackers were North Korean state actors who took 19 days to prepare and execute the attack.
Safe published a preliminary report on Mar. 6 attributing the breach that led to the Bybit hack to a compromised developer laptop. The vulnerability resulted in the injection of malware, which allowed the hack.
The developer of SafeWallet has released a post-mortem report detailing the cybersecurity exploit that led to the $1.4 billion hack against Bybit in February.

Referenced by

Summary

Crypto news

Data block