In this episode of ITWeb TV, Hendrik de Bruin, head of SADC Security Consulting at Check Point Software Technologies, explains how the Bybit hack happened, who is behind it and how crypto exchanges can protect themselves from these attacks. #Bybithack
Cryptocurrency hacks are expected to continue until adequate regulations are put in place to mitigate these threats, said Hendrik de Bruin, head of SADC Security Consulting at Check Point Software Technologies, in an interview with ITWeb TV.
De Bruin was speaking after the Dubai-based cryptocurrency exchange Bybit was hacked for around 400,000 Ether, worth $1.5 billion. The incident is regarded as the largest cryptocurrency exchange hack to date.
The attack has been widely attributed to North Korean hackers, in particular the Lazarus Group and its subset TraderTraitor.
Traditional bank robberies, once defined by masked criminals storming physical vaults, have evolved into sophisticated cyber operations targeting digital assets, de Bruin commented.
He noted that as financial systems moved online, cybercriminals adapted, exploiting vulnerabilities in banking networks and cryptocurrency platforms.
Groups like Lazarus have shown how state-sponsored hackers can steal billions by draining crypto exchanges, laundering the money through decentralised finance platforms and evading international sanctions.
De Bruin stressed that the Bybit hack calls into question previous beliefs about the security of cryptocurrency, showing that despite strong smart contracts and protections, the human factor is often the weakest link.
The incident highlights how user-interface manipulation and social engineering can compromise even the most secure wallets, he added.
According to the latest reports, the hackers have already converted at least $300 million of their record $1.5 billion haul into unrecoverable funds.
Describing how the hack took place, de Bruin said cryptocurrency exchanges use hot and cold wallets.
He explained that a hot wallet is a cryptocurrency wallet connected to the internet, which makes it convenient for fast transactions but more vulnerable to hacks. A cold wallet is offline, which makes it very secure but less convenient for quick access.
In Bybit's case, the hackers exploited a cold wallet to steal the funds, which mainly consisted of Ethereum tokens.
The incident marks a new phase in attack methods, with advanced techniques for manipulating user interfaces.
Rather than simply targeting protocol flaws, the attackers used clever social engineering to deceive users, which led to the compromise.
“The majority of exchange funds will be stored in an offline cold wallet. The reason we refer to it as an offline or cold wallet is because it is disconnected from where the majority of funds are stored,” said de Bruin.
“The funds are then transferred from this cold wallet to a hot wallet, which is mainly used for various transactions. So a cold wallet is essentially safe for your cryptocurrency.
“What seems to have occurred in this specific incident is that a transfer was made from a cold wallet to a hot wallet, and that is where the actual hack occurred. Instead of these funds being transferred to an online or hot wallet, they were transferred to other wallets managed and operated by cybercriminals.”
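The cold-to-hot transfer flow de Bruin describes above is where the diversion happened: the funds left the cold wallet for an attacker-controlled address instead of the exchange's own hot wallet. The following is an added illustration of the check a signer can apply before approving such a transfer; it is not code from the article, from Bybit or from Check Point. The wallet addresses, the field names and the approve_transfer helper are constructed for the example, and the approach assumed is that each signer compares the raw payload actually being signed against both an allowlist of the exchange's hot wallets and what the signing interface displayed.

```python
import hashlib
import json

# Constructed sample addresses (not real exchange wallets): the only destinations
# a cold-wallet withdrawal is ever allowed to have are the exchange's own hot wallets.
HOT_WALLET_ALLOWLIST = {
    "0x1111111111111111111111111111111111111111",
    "0x2222222222222222222222222222222222222222",
}

# Fields a plain cold-to-hot transfer is expected to carry; anything else is suspicious.
EXPECTED_FIELDS = {"chainId", "nonce", "to", "value"}


def canonical_payload(tx: dict) -> bytes:
    """Serialise a transaction deterministically so every signer hashes the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def payload_digest(tx: dict) -> str:
    """Digest used to compare the payload on the signing device with what the UI showed."""
    return hashlib.sha256(canonical_payload(tx)).hexdigest()


def approve_transfer(raw_tx: dict, displayed_tx: dict, allowlist: set) -> tuple:
    """
    Decide whether a signer should approve a cold-to-hot transfer.
    raw_tx is what will actually be signed (read back from the signing device);
    displayed_tx is what the signing interface showed the operator.
    Returns (approved, reason).
    """
    # 1. The destination must be one of the exchange's own hot wallets.
    dest = raw_tx.get("to", "").lower()
    if dest not in {a.lower() for a in allowlist}:
        return False, f"destination {dest} is not an allowlisted hot wallet"
    # 2. The bytes being signed must match what the operator was shown; a manipulated
    #    interface displays one transfer while the device is asked to sign another.
    if payload_digest(raw_tx) != payload_digest(displayed_tx):
        return False, "signed payload does not match the displayed transaction"
    # 3. A plain transfer carries no extra fields (e.g. contract call data).
    extra = set(raw_tx) - EXPECTED_FIELDS
    if extra:
        return False, f"unexpected fields in payload: {sorted(extra)}"
    return True, "ok"


def run_demo() -> dict:
    """Constructed scenarios: a legitimate transfer and a UI-manipulated one."""
    legit = {
        "chainId": 1,
        "nonce": 42,
        "to": "0x1111111111111111111111111111111111111111",
        "value": 400000,
    }
    # Constructed attacker-controlled wallet: the UI still shows `legit`,
    # but the device is handed a payload with a different destination.
    diverted = dict(legit, to="0x9999999999999999999999999999999999999999")
    return {
        "legitimate": approve_transfer(legit, legit, HOT_WALLET_ALLOWLIST),
        "ui_manipulated": approve_transfer(diverted, legit, HOT_WALLET_ALLOWLIST),
    }


if __name__ == "__main__":
    for name, (ok, reason) in run_demo().items():
        print(f"{name}: {'APPROVED' if ok else 'REJECTED'} ({reason})")
```

The point of the design is that the check runs on the payload the device will sign, not on the rendering in a browser or wallet front-end, so a compromised interface cannot satisfy it; with several signers, each one repeats the comparison independently before adding a signature.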
He noted that Check Point Research, through its monitoring, had identified the hack in real time as it occurred.
Attribution of hacks is often difficult, especially where cryptocurrencies are concerned. “However, we have a fairly good idea of who it is. It would appear from the evidence we have gathered that it is the Lazarus Group – a hacking group backed by North Korea.”
De Bruin explained that one of the main things the Lazarus Group is known for these days is cryptocurrency theft.
“They are well known for stealing cryptocurrency on behalf of the North Korean regime. The reason is quite obvious. Because of all the sanctions against North Korea, they have to find alternative income. That is the main modus operandi of the Lazarus Group.”
Hendrik de Bruin, head of SADC Security Consulting at Check Point Software Technologies. (Photograph by Lesley Moyo)
The Lazarus Group hacked Sony Pictures in 2014, he said. In November 2014, Sony Pictures Entertainment was hit by a devastating cyber attack, and the hackers – identifying themselves as the “Guardians of Peace” – leaked large quantities of confidential data, including unreleased films, internal e-mails and employee information. The attack caused significant financial and reputational damage to Sony.
The attack was reportedly in retaliation for “The Interview”, a comedy film depicting a fictional assassination of North Korean leader Kim Jong-un, which angered the North Korean regime. US intelligence agencies concluded that North Korea, through the Lazarus Group, orchestrated the attack to punish Sony and deter the release of the film.
The Lazarus Group is also known for the WannaCry ransomware attack – one of the largest and most destructive cyber attacks in history, said de Bruin.
WannaCry was a ransomware worm that spread rapidly around the world, infecting more than 230,000 computers in over 150 countries. The malware encrypted files on infected systems and demanded a Bitcoin ransom, threatening to delete the files if payment was not made.
“It is often perceived that cryptocurrency is an anonymous means of transacting on the internet. To a certain extent that is true, but you must also keep in mind that these cryptocurrencies have a ledger, which is publicly visible. That is the transparency where you can actually see where a transaction comes from and to whom the funds were sent.”
However, being able to link that wallet ID to a specific individual is where the difficulty arises, and that is where regulation comes into play.
“When we look at this specific attack, we can see where many of the funds have gone and identify those wallets. But identifying the individual or organisation behind the wallet will be the difficult part.
“The cryptocurrency market is in its infancy and, as far as regulation goes, it is still evolving. Before traditional banks created security protocols and regulations, they also faced crime and smash-and-grab attacks, such as bank robberies.
“So we will continue to see attacks against cryptocurrencies and the evolution of those attacks. It is up to regulatory bodies to implement things like KYC (know your customer) to prevent this.”
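The transparency de Bruin describes above, where investigators can follow stolen funds from wallet to wallet on the public ledger but cannot read an identity off a wallet address, is illustrated by the added example below. It is not code from the article or from Check Point Research: the transfer records are a constructed toy ledger, the addresses are placeholders, and the trace_outflows and inflows helpers are this example's own. It walks the transfer graph outwards from the drained wallet and totals what each downstream wallet received, which is the part of the analysis the ledger makes possible; who controls those wallets is exactly the part it does not answer.

```python
from collections import defaultdict, deque

# Constructed toy ledger: (sender, receiver, amount). Addresses are placeholders,
# not real wallets. "0xCOLD" stands for the drained exchange cold wallet.
SAMPLE_TRANSFERS = [
    ("0xCOLD", "0xATT1", 400000),   # the diverted transfer
    ("0xATT1", "0xATT2", 250000),   # funds split across intermediary wallets
    ("0xATT1", "0xATT3", 150000),
    ("0xATT2", "0xSWAP", 100000),   # part moved on to a third-party service
    ("0xSWAP", "0xATT4", 100000),
    ("0xOTHER", "0xATT3", 5),       # unrelated inflow; not reachable from 0xCOLD
]


def trace_outflows(start: str, transfers, max_hops: int = 3) -> dict:
    """
    Breadth-first walk of the transfer graph from `start`, following the direction
    in which funds moved. Returns {wallet: hop count at which it was first reached}
    for every wallet within `max_hops` transfers of the starting wallet.
    """
    graph = defaultdict(list)
    for sender, receiver, amount in transfers:
        graph[sender].append((receiver, amount))
    seen = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if seen[node] >= max_hops:
            continue
        for receiver, _ in graph[node]:
            if receiver not in seen:
                seen[receiver] = seen[node] + 1
                queue.append(receiver)
    return seen


def inflows(transfers) -> dict:
    """Total amount received by each wallet across the whole ledger."""
    totals = defaultdict(int)
    for _, receiver, amount in transfers:
        totals[receiver] += amount
    return dict(totals)


def downstream_report(start: str, transfers, max_hops: int = 3) -> list:
    """
    Combine the two views: every wallet reachable from `start`, its hop distance and
    the total it received. This is what the ledger reveals; the identity behind each
    address is not on-chain and has to come from elsewhere (exchanges, KYC records).
    """
    hops = trace_outflows(start, transfers, max_hops)
    received = inflows(transfers)
    return sorted(
        (wallet, hop, received.get(wallet, 0))
        for wallet, hop in hops.items() if wallet != start
    )


if __name__ == "__main__":
    for wallet, hop, total in downstream_report("0xCOLD", SAMPLE_TRANSFERS):
        print(f"hop {hop}: {wallet} received {total}")
```

Limiting the walk by hop count matters on a real ledger, where following every outgoing edge without bound quickly reaches exchange deposit addresses and unrelated accounts; a practical trace bounds depth and prunes edges whose amounts are too small to be part of the stolen balance.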