lazarusholic

Lesson we can all learn from Bybit, Radiant Capital & WazirX compromise

2025-02-26, Huntabil
https://huntability.tech/lesson-we-can-all-learn-from-bybit-radiant-capital-wazirx-compromise/
#Bybit #RadiantCapital #WazirX

Contents

TLDR: Highly capable adversaries are now performing incredibly difficult-to-detect AiTM attacks that target multi-signer systems, and these TTPs are a critical threat to banking systems and to any system that holds key material for signing anything from drivers to transactions.
Introduction
There’s been a lot of news about the billions in crypto taken from Bybit in late February 2025, but it appears this campaign started with WazirX in July 2024, continued with Radiant Capital in October 2024, and Bybit is just the latest (and largest) victim. At first glance you’d think: OK, the crypto exchange was compromised, not much to see here. But AuditUrContracts did a fantastic job analysing the WazirX intrusion and demonstrated that these were attacks conducted by persistent and capable adversaries. It wasn’t a simple web bug, or a single phishing email, but the compromise of multiple, very specific individuals. There are critical lessons to be learned from these …