North Korean Hackers Steal $1.5B in Cryptocurrency

It looks like a very sophisticated attack against the Dubai-based exchange Bybit:

Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.

[…]

…a subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was “manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.”

The announcement on the Bybit website is almost comical. This is the headline: “Incident Update: Unauthorized Activity Involving ETH Cold Wallet.”

More:

This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception:

  • Multisigs are no longer a security guarantee if signers can be compromised.
  • Cold wallets aren’t automatically safe if an attacker can manipulate what a signer sees.
  • Supply chain and UI manipulation attacks are becoming more sophisticated.

The Bybit hack has shattered long-held assumptions about crypto security. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. The industry needs to move to end-to-end prevention; each transaction must be validated.

EDITED TO ADD (3/14): There has been a lot written about the details of this hack. It’s much more complicated, and sophisticated, than the initial news articles indicated. One summary:

The root of the Bybit transaction was a malicious transaction designed to modify the smart contract logic of the exchange’s multi-signature wallet. This change transferred ownership of the wallet to the attacker, allowing them to transfer the funds that it contained.

This malicious transaction was masked within another, benign transaction that was sent to the wallet’s signers for approval. In the masked UI, this transaction showed a transfer from the project’s cold wallet to a hot wallet with the correct address and a Safe URL.

Once this transaction was approved and digitally signed by the project’s team members, the hidden malicious code handed over control of the cold wallet to the attacker. From there, the attacker was able to transfer the assets held within the cold wallet to their own account, stealing an estimated $1.4 billion from the CEX.
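The summary above describes a payload whose displayed form (a plain transfer to a known hot wallet) differed from what the signers actually committed to. The following is an added example, not Bybit's, Safe's or Ars Technica's code, of the signer-side check that the "each transaction must be validated" point calls for: decode the fields that will actually be signed and compare them against policy and against what the UI claimed, rather than trusting the rendering. The field names follow the Safe transaction model (to, value, data, operation, nonce; Safe's operation field is 0 for CALL and 1 for DELEGATECALL); the policy values, addresses and sample transactions are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List

# Safe's Operation enum: 0 = CALL, 1 = DELEGATECALL. A delegatecall runs the
# target's code against the wallet's own storage, which is how a wallet's
# logic (and therefore its ownership) can be changed by a single transaction.
OP_CALL = 0
OP_DELEGATECALL = 1


@dataclass(frozen=True)
class MultisigTx:
    """The fields a signer actually commits to (Safe naming; values constructed)."""
    to: str          # destination address, 0x-prefixed hex
    value_wei: int   # native asset amount
    data: bytes      # calldata; empty for a plain transfer
    operation: int   # OP_CALL or OP_DELEGATECALL
    nonce: int


@dataclass(frozen=True)
class SigningPolicy:
    """What the treasury process allows a signer to approve (constructed policy)."""
    allowed_destinations: FrozenSet[str]  # lower-case addresses of approved hot wallets
    expected_nonce: int
    max_value_wei: int


def check_before_signing(tx: MultisigTx, policy: SigningPolicy) -> List[str]:
    """Return reasons to refuse; an empty list means the payload matches policy."""
    findings = []
    if tx.operation != OP_CALL:
        findings.append(f"operation={tx.operation}: only CALL (0) is permitted for a transfer")
    if tx.to.lower() not in policy.allowed_destinations:
        findings.append(f"destination {tx.to} is not an approved hot wallet")
    if len(tx.data) != 0:
        findings.append(f"calldata is {len(tx.data)} bytes; a plain transfer carries none")
    if tx.nonce != policy.expected_nonce:
        findings.append(f"nonce {tx.nonce} != expected {policy.expected_nonce}")
    if tx.value_wei > policy.max_value_wei:
        findings.append(f"value {tx.value_wei} exceeds limit {policy.max_value_wei}")
    return findings


def ui_matches_payload(shown_to: str, shown_value_wei: int, tx: MultisigTx) -> bool:
    """True only if the payload to be signed is exactly the plain transfer the UI showed."""
    return (tx.to.lower() == shown_to.lower()
            and tx.value_wei == shown_value_wei
            and tx.operation == OP_CALL
            and len(tx.data) == 0)


# --- constructed sample data -------------------------------------------------
HOT_WALLET = "0x" + "11" * 20          # constructed approved destination
POLICY = SigningPolicy(frozenset({HOT_WALLET}), expected_nonce=42, max_value_wei=10**21)
SHOWN_VALUE = 5 * 10**20               # what the signing UI displayed

# What the UI claimed: a plain transfer of SHOWN_VALUE to the hot wallet.
BENIGN_TX = MultisigTx(to=HOT_WALLET, value_wei=SHOWN_VALUE, data=b"",
                       operation=OP_CALL, nonce=42)

# A constructed payload that keeps the displayed destination but switches the
# operation and carries calldata, i.e. something other than a plain transfer.
MASKED_TX = MultisigTx(to=HOT_WALLET, value_wei=0,
                       data=b"\x01\x02\x03\x04" + b"\x00" * 64,
                       operation=OP_DELEGATECALL, nonce=42)

if __name__ == "__main__":
    for name, tx in (("benign", BENIGN_TX), ("masked", MASKED_TX)):
        print(name, "ui matches payload:", ui_matches_payload(HOT_WALLET, SHOWN_VALUE, tx))
        for finding in check_before_signing(tx, POLICY):
            print("  refuse:", finding)
```

The check is deliberately independent of the wallet front end: it works on the decoded payload, and a signer (or a separate reviewing host) can run it against the raw transaction before the hardware device is asked to sign. Each of the N multisig signers running it removes the "someone else checked it" assumption, because refusal does not depend on what any one screen rendered.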

Posted on February 25, 2025 at 12:04 PM • 23 Comments

Comments

Who? February 25, 2025 1:00 PM

Cold wallets aren’t automatically safe if an attacker can manipulate what a signer sees.

I do not know what “cold wallet” means in this context. A true cold wallet is an independent, usually air gapped, device; if a cold wallet displays something on the computer screen then it is not a “cold” wallet, but a fancy “hot” wallet.

What a cold wallet displays on its LCD/OLED screen is information provided by the secure element inside it. It is the information being signed. If it lacks a LCD-style display then it is not a cold wallet, and whatever you sign on it is far from being trusted as a cold wallet never depends on a software element running on a computer.

It may have some support software, but information being signed should be provided by the secure element and displayed on the device’s LCD display. In short, it should work as a smartcard with a LCD display connected to the secure element and talking only to it, never to the computer itself.

If the secure element can be manipulated to sign something different to what it displays on the screen then… well… it is not a secure element at all.

It is by design, anything different from this design cannot be considered a cold wallet.

Who? February 25, 2025 1:05 PM

I would like to add that seed phrases and passphrases are never typed on a software tool provided by the cold wallet manufacturer. As said, these are independent (and usually air gapped) devices.

If you trust on what a computer displays “from the cold wallet” or you type the secret seed words that open your wallet on a computer, think on what you are doing twice because you are not working on a cold wallet.

Clive Robinson February 25, 2025 1:07 PM

@ Bruce, ALL,

“North Korean Hackers Steal $1.5B in Cryptocurrency”

Only $1.5billion, hardly worth getting out of bed for, after all it’s only bits and bytes 😉

But on a more serious note,

“Cold Wallet to Hot Wallet, how?”

“Supply chain and UI manipulation attacks”

So nothing new really; these have been going on for more than a decade one way or another. The instances might –but probably are not– be new, but these classes of attack are well known and understood.

There is therefore something else involved…

To start with, I guess the definition of “Cold Wallet” as something not just encrypted but segregated to the point of effective isolation has changed…

But also, Folks remember,

“Mitigations don’t work if you trade them for convenience.”

So using those as starting point “guestimates of fail”.

We find in the ARS article,

“No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets.”

Oh dear…

One of the first questions I ask is along the lines of,

“Why is this computer connected to externally reachable connections?”

Yes the human element was in part to blame… But, the attackers could only have succeeded if they had access to the users computers…

That’s why we say,

“segregated to the point of effective isolation”

So why were they not “segregated”? It does not really say, but it can be inferred it was to “streamline workflow” or other mealy-mouthed excuse for “convenience”.

But in the last paragraph of the ARS article we find,

“As both Check Point and Trail of Bits point out, the lessons learned here bring cryptocurrency security back to some of the most basic elements, such as segmenting internal networks

They are only part right, because if they do not,

“Fully isolate[1] from external communication”

This will have a crack that will enable it to be done again…

$1.5billion is an expensive lesson, but I do not think people have learned it…

[1] Do not think that you can segregate an internal network from an external network using the majority of “Data Diodes”. As I’ve pointed out in the past most have some form of error correction mechanism and this can be abused in various ways to get data from the external network into the internal network. I won’t go into details again as I have in the past, because whenever I’ve given details about things they’ve ended up appearing in attacks within a decade and sometimes less than a half decade, and some previous readers have complained.

Who? February 25, 2025 1:09 PM

Of course, human beings are the weakest link ever. But it is another, currently unsolvable, matter.

I do not care how secure a device is if you can trick its user to do something wrong on it.

Who? February 25, 2025 1:17 PM

@ Clive Robinson

The only acceptable UI for a cold wallet is a LCD display connected to the secure element on the device, and talking only to it; anything running on a computer can trivially provide false information to the user (e.g. by showing the real address assets would be sent to, and the amount being sent) while signing something completely different in the background.

It is a trivial attack talking to a device to do something unexpected while showing something completely different to its user.

As you say, it seems definition of “cold wallet” has changed over time. But this one is not a cold wallet, but a fancy hot wallet that looks secure for those who do not understand security.

Clive Robinson February 25, 2025 1:26 PM

@ Who?

With regards,

“I do not care how secure a device is if you can trick its user to do something wrong on it.”

Not quite true.

For a badly designed system yup the external attacker just needs to get an insider to do something.

However it is possible to design systems such that the external attacker can not “reach in” and the internal user can not “pull in” or “push out”

That way, as was known back in the 1960s,

“An attacker does not get front panel access”.

Or its modern equivalent.

As I said above for $1.5billion cost it’s an expensive lesson.

Hopefully others will learn from it

(I suspect I’m going to hear from others about this, for those that want to start look up “air gaps” then come back to this blog to learn about “energy gaps” and “Fault Injection Attacks” (basically active EmSec). Because for 1.5billion exploiting gap crossing energy paths is well worth the effort).

Bob February 25, 2025 3:53 PM

As others have pointed out, it seems the definition of “cold wallet” has changed to “fancy hot wallet.”

Death of regulation and consumer protections only makes such confusion more likely going forward.

Not your keys, not your coins. Forever and always.

Steve February 25, 2025 6:31 PM

@Bob: As others have pointed out, it seems the definition of “cold wallet” has changed to “fancy hot wallet.”

Maybe we need a new term, “lukewarm wallet?”

Having said that, for as long as these hacks by North Korea have been going on, I have been honestly puzzled as to what good it does them.

Given that North Korea is under some pretty stringent sanctions, I’m honestly curious as to how they convert this digital “funny money” into real cash that they can spend and how they go about spending it. I understand (more or less) obfuscating the provenance of the bitmoney using mixers but then what?

Perhaps someone on this list can help me out here.

Clive Robinson February 26, 2025 12:32 AM

@ Steve,

With regards,

“I’m honestly curious as to how they convert this digital “funny money” into real cash that they can spend and how they go about spending it.”

It depends on what you mean by “funny money”.

I regard all crypto coins as an investment scam, but not all do.

So let’s take their viewpoint, that unless flagged as “stolen/bad” etc the crypto coins are legitimate.

Remember that the way the coins work,

“There is no “take-me-back” option from another wallet.”

So any stolen coins are either gone or marked bad “on the chain”. This property is why some people “burn crypto” by putting it into a wallet that has no “private key” to supposedly make “the coin” more valuable (don’t ask the reasoning is shall we say a “quaint” use of economics).

But we know that “things take time” in reality with humans. So there is a period of time after the coins are stolen that they are still acceptable to trade/use.

If you can keep your trades ahead of the “time delay” then you can “trade/cash out” from intangible numbers to tangible physical items.

Now from what we can tell the “time delay” is proportional to both “distance and volume”.

Look at it this way: let’s assume there are $10,000 notes stacked up in a container that’s attached to an 18 wheeler tractor that’s just been stolen from a repository. Yes you can drive it away, but it’s a single object traveling a single route and it would “once it was known about” be fairly quickly stopped.

Now consider you had a million bags with $1500 in them and you fired them out like a confetti cannon; as an investigator your job has just got a million times harder, and you don’t have the resources to track and seize even a tiny fraction of those bags before they in turn are emptied and moved on.

That $1.5billion could have gone through many many wallets changing from one crypto coin to another crypto coin over and over before the original coins were even known to be gone let alone marked as stolen.

Think of it like pouring a 45lb bag of food safe dye in the river in Chicago (actually orange but it goes green when diluted in the water). They do this on “St Patrick’s Day”; it does not take long for all of the river in Chicago to be “green”… You just can not get it “back in the bag”, and five hours later it’s all been swept away out of sight and there is no way that green is coming back, it’s gone for good.

https://www.nbcchicago.com/news/local/whats-in-dye-how-chicago-river-is-dyed-green-for-st-patricks-day/3384629/

Winter February 26, 2025 12:55 AM

As for how the hack could take place in a multi signature system.

I heard on the latest Chopping Block (Unchained) podcast that the hack was to show the signing parties a different transaction to sign than was actually performed.

See also:
https://www.halborn.com/blog/post/explained-the-bybit-hack-february-2025

Like if you authorize a bank transfer and you see a totally different amount and account number on your screen to authorize than the bank sees. But then on multiple screens at different locations.

They also wondered how the perpetrators would ever be able to spend that money as everyone can see where it goes.

wiredog February 26, 2025 5:53 AM

” The industry needs to move to end to end prevention, each transaction must be validated.”
At that point, what is the “advantage” of crypto over actual money?

jbmartin6 February 26, 2025 8:21 AM

At my job, we used to generate cold wallet transactions on an air gapped host, copy the signed transaction to a USB drive, then use that drive on a connected computer to inject the transaction into the coin protocol. Very secure in some ways. But it just doesn’t scale well for an org that can’t leave currency in the cold wallet for long period of time.

Steve February 26, 2025 11:58 AM

@Clive: It depends on what you mean by “funny money”.

In this context I just mean that bitcoin and its ilk are not generally “spendable” in most markets. A supplier is generally going to want dollars, euros, or whatever the appropriate coin of the realm might be.

So if I have a bag of bitcoin, no matter whether ill gotten or legit, unless I find a vendor who accepts the stuff directly, I need to convert it to what is derisively known by the coiners as ‘fiat’ before I can buy anything with it.

I’m assuming the North Koreans do this through proxies but in all the stories I’ve read about NK exploits no one has ever delineated that process.

Perhaps I’ve answered my own question.

Clive Robinson February 26, 2025 12:18 PM

@ Wiredog,

With regards,

”The industry needs to move to end to end prevention, each transaction must be validated.”

From the second article, it’s actually worse than you say… Because “actual money” transactions unlike crypto-coins are “reversible” so the “actual money” could be got back even if the person who stole it was unwilling to do so (we know the US Gov through its various agencies have emptied foreign bank accounts even without legitimate judicial oversight). But once crypto-coins are transferred you can not get them back if the holder takes a few basic precautions (it’s built into the crypto design to stop authoritarian tyranny).

But let’s go back in time… Long long ago back last century I was talking about this “convenience” issue with “On-Line” systems (I’m the idiot that got SMS as an authentication “second channel” in an OTP “TOTP” configuration to work effectively as I’ve mentioned on this blog before)…

And for “convenience” the Finance Industry decided to only do “end party” authentication not “transaction authentication”… Which I’ve also mentioned here in the past.

Back then some of the banks got burned by various “Man in The Middle”(MiTM) attacks. And guess what many Financial Institutions customers can still be hit by a MiTM attack way more than three decades later…

Because the Financial Institutions have gone to the great expense of “putting a few words” in their On-Line agreements that “externalise the risk” onto the customer where the legislation allows… And people wonder why I don’t do “On-Line Banking” and the like…

The real issue in this case is,

“Multisigs are no longer a security guarantee if signers can be compromised.”

OK it’s not a very simple MiTM or “Social Engineering” attack as it required that some kind of “Plaintext” “User Interface” “I/O Shim” or equivalent to be deployed, but that’s been happening with “On-Line Banking” for over two decades…

So very much “Known Risks” with “Known Mitigations”. The system designers decided incorrectly that they could replace “Known Proven Mitigations” with some “Nonsense Unproven Complexity” that was in reality “Security Theater” of little or no worth.

So attackers from halfway around the globe –or wherever– could gain access to the “Cold Wallet”… Which they should not have been able to do, even through “other software”. Thus it was not a “Secure” cold wallet by definition just another “insecure” hot Wallet…

Proving $1.5billion later, that the “Multisigs” are in this case, just “Security Theatre” at best, or an “Open Door Policy to be robbed” which happened…

@ jbmartin6,

“But it just doesn’t scale well for an org that can’t leave currency in the cold wallet for long period of time.”

Hence my first comments remark of,

“Mitigations don’t work if you trade them for convenience.”

They traded the mitigation of a full “Cold Wallet” for “convenience” and so it also proved convenient for the attackers.

Thus the very predictable loss of $1.5billion for this “little convenience” is perhaps a hard lesson to swallow for some… But perhaps you might want to rethink “At my job” depending on your level / position, because you could call this,

“A very real ‘Proof Of Concept'(POC) with some very loud alarm bells attached.”

And it’s almost certainly going to work again because all that’s required is,

1, The turning of a “Cold Wallet” into a “Hot Wallet” by the organisation.
2, Attackers to become aware that 1 has happened.
3, They get access directly or indirectly to what was or was alluded to be the “Cold Wallet”.

Then all the reserves in that supposed to be “Cold Wallet” march out the door to the North Korean National Anthem or similar song even if it’s just Disney’s Dwarf theme of “Hi ho, Hi ho, it’s off to the crypto-coin market we go…”

It was all highly predictable before Crypto-Coin actually “became a thing” and the fact it’s still happening speaks volumes about Financial Institutions priorities and inability or not wanting to assess “Known Risk” appropriately.
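As an added example of the distinction drawn in the comment above between authenticating only the “end party” and authenticating the transaction itself (this is not the commenter's code, and the device key, account identifiers and amounts are constructed), the following shows an approval code that is an HMAC over the exact transfer fields the user saw, derived on a device the connected computer does not control. A shim that rewrites the destination or amount after the user has approved them then submits a code the server cannot verify, whereas a code that only proves who is logged in is accepted unchanged.

```python
import hashlib
import hmac

# Constructed device key: in a real deployment it lives only inside the user's
# token or secure element, never on the connected computer.
DEVICE_KEY = b"constructed-per-user-device-key"


def canonical_tx(dest_account: str, amount_cents: int, nonce: int) -> bytes:
    """Delimited encoding of the fields the user saw (account ids contain no '|')."""
    return b"|".join([dest_account.encode(), str(amount_cents).encode(), str(nonce).encode()])


def party_only_code(key: bytes, nonce: int) -> str:
    """End-party authentication: proves the key holder is present, says nothing about the transfer."""
    return hmac.new(key, str(nonce).encode(), hashlib.sha256).hexdigest()[:8]


def transaction_code(key: bytes, dest_account: str, amount_cents: int, nonce: int) -> str:
    """Transaction authentication: the code commits to destination, amount and nonce."""
    return hmac.new(key, canonical_tx(dest_account, amount_cents, nonce), hashlib.sha256).hexdigest()[:8]


def server_accepts(key: bytes, dest_account: str, amount_cents: int, nonce: int,
                   submitted_code: str, bind_to_tx: bool) -> bool:
    """Server-side check; with bind_to_tx=False only the end party is authenticated."""
    if bind_to_tx:
        expected = transaction_code(key, dest_account, amount_cents, nonce)
    else:
        expected = party_only_code(key, nonce)
    return hmac.compare_digest(expected, submitted_code)


def altered_transfer_accepted(bind_to_tx: bool) -> bool:
    """
    The user approves the transfer shown on their screen; a shim between user
    and server rewrites destination and amount before submission. Returns True
    if the server accepts the altered transfer under the chosen scheme.
    """
    seen_dest, seen_amount, nonce = "ACC-1001", 25_000, 7        # constructed
    if bind_to_tx:
        code = transaction_code(DEVICE_KEY, seen_dest, seen_amount, nonce)
    else:
        code = party_only_code(DEVICE_KEY, nonce)
    altered_dest, altered_amount = "ACC-9999", 150_000_000        # constructed
    return server_accepts(DEVICE_KEY, altered_dest, altered_amount, nonce, code, bind_to_tx)


def honest_transfer_accepted(bind_to_tx: bool) -> bool:
    """Control case: the unaltered transfer is accepted under either scheme."""
    dest, amount, nonce = "ACC-1001", 25_000, 7                   # constructed
    if bind_to_tx:
        code = transaction_code(DEVICE_KEY, dest, amount, nonce)
    else:
        code = party_only_code(DEVICE_KEY, nonce)
    return server_accepts(DEVICE_KEY, dest, amount, nonce, code, bind_to_tx)


if __name__ == "__main__":
    for bind in (False, True):
        scheme = "transaction" if bind else "end-party only"
        print(f"{scheme}: honest accepted={honest_transfer_accepted(bind)}, "
              f"altered accepted={altered_transfer_accepted(bind)}")
```

The point is where the binding happens: the code in the bound scheme is only meaningful for the fields the device displayed and MACed, so anything on the connected computer that changes those fields after approval invalidates the approval rather than riding on it. That is the same property the earlier comments ask of a cold wallet display that shows exactly what the secure element signs.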

Andy February 27, 2025 2:48 AM

There were multiple problems not mentioned yet.

1) Multisig. When 3 people are signing the transaction, everyone thinks “why bother checking, others checked it already”. Like CEO mentioned, that he did not check it. Later the excuse changed to following point:

2) Blind signing. They tried to explain, that the contract was too complicated to be displayed during signing. So they blind signed. What on earth is complicated in simple money transfer?

Considering other problems too, I wonder why there are still some people using that exchange, they have no clue about basic security principles.

Clive Robinson February 27, 2025 3:59 AM

@ Andy, ALL,

More money after bad…

https://www.theregister.com/2025/02/26/bybit_lazarus_bounty/

Apparently a 5% bounty has been offered to those who provide information to the missing $1.5billion…

With a further 5% going to any exchange that aids in the recovery of the missing funds.

I suspect that the payout is going to be low, and the trouble created high.

It all depends on how well the alleged perpetrators have “mixed it up” pulled the funds out and in other ways covered their tracks…

If it is the NoKs I suspect they will have done a lot.

Why because “the boss is a killer” who hates people who fail him.

He knows that $1.5billion is alleged to have been taken, imagine what he will think if they don’t “make bank” on it…

I think it safe to say that,

“The red stuff will hit the fan etc.”

So the “cashing out” will probably have been well thought of and prepared long in advance even before “the target was identified” by the alleged attackers.

ResearcherZero March 1, 2025 12:20 AM

@Clive Robinson

Someone should tell them that their loot is in North Korea. Maybe point to it on a map? 😉

ResearcherZero March 1, 2025 12:44 AM

If the hires at DOGE cannot do basic math, what makes anyone think e-coin startups can.
Given the exploits we have seen over recent years, the ability to break out of sandboxes, containers, bypass of a multitude of secure ® and then plain old N-days, gunna get pwned.

The browser exploits are bad enough alone. Once they drop a RAT on the target then the network is compromised. We all know that even old spies use their birthday as the combination for their office safe because they get lazy and complacent. If intelligence agencies can regularly physically steal information off each other’s desks, then they most certainly are going to break into your systems at your fancy, new blinged-out office.

(or wherever you outsourced the software development)

Clive Robinson March 1, 2025 10:33 AM

@ ResearcherZero,

Speaking of “loot” you might have heard that $30million to Trump nonsense is the price of a “keep out of jail free card”?

“Chinese crypto entrepreneur Justin Sun’s legal troubles seem to be fading away. In March 2023, the Securities and Exchange Commission (SEC) charged him with manipulating the market. After Trump was elected, he dumped $30 million into the President’s World Liberty Financial crypto scheme. Now a federal judge has granted him a stay in the SEC’s investigation.”

https://gizmodo.com/sec-drops-charges-against-chinese-billionaire-after-he-pumps-30-million-into-trumps-crypto-scheme-2000569966

Or is it $75million?, I guess it depends on who you ask,

https://www.wired.com/story/sec-is-giving-up-biggest-crypto-lawsuits/

Brings us to your point of,

If the hires at DOGE cannot do basic math, what makes anyone think e-coin startups can.

But consider with “bad math abounding” in US Executive PR and worse actions to justify idiocy… Is it really incompetent employees or a deliberate course of action from the very top?

And of course with DOGE sniffing around Hell-on Rusks arch enemy SEC, and with comfortable Federal pensions and healthcare on the line, has the sniffing around the SEC been coincidental incentive or part of a very deliberate stratagem?

At every step both DOGE and the senior Executive members look increasingly corrupt and in what less than 100 days…

How many trillions do you think will go AWOL before they get booted out?

And as both you and I are outsiders looking in, I can only guess what ordinary US citizens think?

Especially as in the UK we have our own “corrupters” running around telling lies and on the take and too incompetent to keep it out of sight… I can only guess what nonsense was traded just the other day between POTUS and UK PM.

lurker March 10, 2025 9:17 PM

Preview button is giving me backchat, wonder if this will post …

MSM says real money is moving: “at least $300M” cashed in already; $4M claimed in bounties, i.e. $40M recovered; 20% (~$300M) has “gone dark”, i.e. nobody will see that again.

https://www.bbc.com/news/articles/c2kgndwwd7lo

Ceguro May 15, 2025 2:43 PM

Blockchain audits, especially for smart contracts, but also for DeFi, Web 3 wallets and integrations, NFT’s, ZK integrations etc. are valuable tools for operating in the digital/blockchain world. The blockchain world is fairly secure at this point, but just Google ‘blockchain hacked’, and you can see it’s not impossible. And the more blockchain becomes prevalent, the more we will see security breaches become more sophisticated.

Ceguro June 4, 2025 1:00 PM

“veridise:

How do you “audit out” the rising level of Blockchain related violence?”

For sure, this is an entirely different ‘security’ problem. IIRC, something similar just happened in NY, but ended up much worse for the crypto owner.

Audits and smart coding can secure the ‘cyber’ threats, but for sure, they are not the only ones to be aware of.

Basically, close all the electronic vulnerabilities, but you still have to deal with the physical ones, and crypto being a high value, portable asset, makes you a target to those sorts of attacks.

I guess the fact is that as a crypto owner, it’s like you are carrying around a ‘wallet’ that may have tens of thousands or even millions of dollars of value at any given time. All criminals need to do is extort it out of you by some means, and it’s gone. Not really any different than robberies or kidnappings in the past, except the portability of the extorted assets is, in some ways, higher. So in a sense, nothing has changed, people are still using violence to take from others…..
