by David Yaffe-Bellany at The New York Times
The cryptocurrency exchange Bybit lost $1.5 billion to North Korean hackers last month — and it all traced back to an account on a free digital storage service.
On the night of Feb. 21, Ben Zhou, the chief executive of the cryptocurrency exchange Bybit, logged on to his computer to approve what appeared to be a routine transaction. His company was moving a large amount of Ether, a popular digital currency, from one account to another.
Thirty minutes later, Mr. Zhou got a call from Bybit’s chief financial officer. In a trembling voice, the executive told Mr. Zhou that their system had been hacked.
“All of the Ethereum is gone,” he said.
When Mr. Zhou approved the transaction, he had inadvertently handed control of an account to hackers backed by the North Korean government, according to the F.B.I. They stole $1.5 billion in cryptocurrencies, the largest heist in the industry’s history.
To pull off the astonishing breach, the hackers exploited a simple flaw in Bybit’s security: its reliance on a free software product. They penetrated Bybit by manipulating a publicly available system that the exchange used to safeguard hundreds of millions of dollars in customer deposits. For years, Bybit had relied on the storage software, developed by a technology provider called Safe, even as other security firms sold more specialized tools for businesses.
The hack sent crypto markets into a free fall and…
Continue Reading