The podcast episode includes discussion of a reported $1.4 billion Lazarus Group theft from cryptocurrency exchange Bybit. The excerpt identifies the Bybit incident as North Korea’s largest-ever crypto heist and places it among other cyber-espionage and p…
778 reports
The article describes Lazarus-linked Operation 99 activity against developers and Web3 organizations in Europe, using trusted platforms and Windows utilities to avoid early detection. The reported chain begins with trojanized GitHub software, then abuses …
Elliptic attributes the February 2025 theft of about $1.46 billion from Bybit to North Korea's Lazarus Group, citing laundering behavior and links to the group's crypto theft history. The attackers quickly swapped freezeable tokens such as stETH and cmETH…
Check Point analyzed the February 2025 Bybit theft in which attackers compromised an offline Ethereum wallet and stole roughly $1.5 billion in digital assets. The attack abused signer trust rather than a smart contract flaw: multisig participants were sho…
SlowMist attributes a June 2024 intrusion set against cryptocurrency exchanges to Lazarus Group after forensic work across multiple incidents. The attackers used social engineering against developers, including fake project-team and investment personas, t…
Arkham reports that Bybit's ETH cold wallet lost roughly $1.5 billion in ETH, stETH, mETH, and cmETH after a fraudulent transaction was signed during a scheduled cold-wallet migration. The attacker moved 401K ETH, 90.4K stETH, 8,000 mETH, and 15,000 cmETH…
A recorded DistrictCon session by Nick Roy and Martyn Williams describes a misconfigured North Korean server that exposed data on overseas animators and IT workers. The server reportedly held logs, documentation, and animation files for outsourced project…
A DistrictCon talk abstract describes a misconfigured North Korean server that exposed logs, documentation, and animation files tied to overseas animators and IT workers. The material reportedly included outsourced animation project data, factory video to…
SlowMist analyzed the February 2025 Bybit theft, where attackers stole more than $1.46 billion in ETH and liquid staking assets from a cold wallet workflow. The report cites ZachXBT attribution to Lazarus Group and links the incident to North Korea-linked…
Rekt describes the Bybit theft as a compromise of the exchange’s Ethereum cold-wallet signing process that drained roughly 401,346 ETH, 90,375 stETH, 15,000 cmETH, and 8,000 mETH. The attackers presented signers with a legitimate-looking Safe interface wh…
The Bybit attack used a trojan contract and a backdoor contract to turn a signed transaction into a malicious upgrade of an upgradeable Safe multisig cold wallet. Signers were tricked into authorizing a zero-token ERC-20 transfer to an unlisted contract, …
The archived thread reports on-chain links between the Bybit, Phemex, and BingX theft clusters attributed in the thread to Lazarus Group. It cites commingling between Bybit and Phemex theft addresses, test transactions, connected wallets used before the B…
OpenAI says it has disrupted malicious uses of its AI systems and is publishing case studies to support wider defensive work by governments, industry partners, and other stakeholders. The excerpt frames the threat set broadly, including authoritarian-stat…
Qi An Xin's 2024 annual threat report says APT activity most often targeted government, defense, and financial sectors, with major activity concentrated in Ukraine, China, the United States, Israel, and South Korea. It identifies Kimsuky, Lazarus, Patchwo…
TRM assessed with high confidence that North Korean hackers were behind the Bybit theft of about USD 1.5 billion in Ethereum tokens, citing substantial overlaps between attacker-controlled addresses and addresses linked to prior North Korean thefts. The a…