Demystifying the North Korean Threat
One fateful morning in February, the SEAL 911 group lit up as we watched in confusion while Bybit withdrew over 1B USD of tokens from their cold wallet into a brand new address, only to promptly begin liquidating over 200M USD of LSTs. Within minutes, we had confirmation from both the Bybit team and independent analysis (the multisig, which had previously been using a publicly verified implementation of Safe{Wallet}, was now using a newly deployed unverified contract) that this was in fact not routine maintenance. Someone had pulled off the biggest hack in cryptocurrency history, and we had a front-row seat.
While part of the team (along with the wider sleuthing community) got to work tracing the funds and sending out notifications to partnered exchanges, the rest of the team was trying to figure out what exactly happened, and whether any other funds were at risk. Fortunately, identifying the perpetrator …