North Korean Hacker Organization Shocking Theft! Details of the $1.4 Billion Cryptocurrency Heist Exposed

Recently, Safe Wallet disclosed details of a significant cryptocurrency theft attributed to a North Korean hacker organization, urging the community to strengthen security measures. The Federal Bureau of Investigation (FBI) has attributed this attack to a hacker group named TraderTraitor, which has close ties to the Democratic People's Republic of Korea (DPRK). Cybersecurity company Mandiant (now part of Google Cloud) has also confirmed this attribution.

Attack Details Revealed

An investigation conducted by Safe Wallet in collaboration with Mandiant shows that the attack occurred on February 21 and was a highly complex state-sponsored operation. The attackers gained access to an AWS session token by infiltrating the laptop of a Safe Wallet developer, which allowed them to bypass multi-factor authentication (MFA) controls, since a session token is issued after authentication has already completed. This developer held elevated permissions, which the attackers used to extend their control over the system.

Despite the attackers' efforts to cover their tracks by deleting malware and clearing Bash history, Safe Wallet and Mandiant still successfully gathered a wealth of intelligence. The investigation is ongoing, focusing on how the attackers obtained access to the server.

Tracking the Stolen Funds

During this attack, $1.4 billion worth of ETH was stolen. Currently, 77% of the funds can still be tracked, but the remaining $1 billion is still a pressing concern. Blockchain analysis company Elliptic played a key role in tracking the stolen funds, with its real-time filtering technology helping to monitor the flow of funds and freeze portions before the assets could be laundered.

Elliptic co-founder Tom Robinson pointed out that the stolen cryptocurrency is being transferred through Bitcoin mixers to obscure its origin. These mixers include platforms such as Wasabi Wallet and Cryptomixer, making it extremely difficult to trace the funds.

Security Measures Upgraded

Safe Wallet stated that it has implemented multiple security measures in its infrastructure, significantly enhancing its defenses compared to pre-incident levels. The company urges the cryptocurrency community to take proactive steps, including strengthening access controls, monitoring for unusual activities, and developing a comprehensive incident response plan.
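The attack path described above (a stolen AWS session token replayed from an attacker-controlled machine, with MFA never re-prompted) and the recommendation to monitor for unusual activity both point at the same detection: the same temporary credential appearing from a new source IP or user agent. The following is an added example, not code from Safe Wallet, Mandiant or the original article. It runs a simple origin-change rule over constructed CloudTrail-style events; the field names follow the real CloudTrail schema, but the sample values, account IDs, key IDs and the list of sensitive actions are all assumptions.

```python
"""Flag AWS temporary-credential reuse from an unexpected origin in CloudTrail events.

Added example. The events below are constructed for illustration and are not
telemetry from the incident described in the article.
"""

# Actions that change code, policy or credentials. Which actions count as
# sensitive is an assumption; tune it to the environment.
SENSITIVE_ACTIONS = {
    "UpdateFunctionCode", "PutBucketPolicy", "CreateAccessKey",
    "AttachRolePolicy", "UpdateAssumeRolePolicy", "PutObject",
}

DEV_ARN = "arn:aws:sts::123456789012:assumed-role/DeveloperRole/dev-laptop"  # constructed

# Constructed sample events in CloudTrail field layout, in delivery order.
SAMPLE_EVENTS = [
    {"eventTime": "2025-02-21T09:00:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEDEV001", "arn": DEV_ARN}},
    {"eventTime": "2025-02-21T09:05:00Z", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEDEV001", "arn": DEV_ARN}},
    # Same session token, now used from a different host and SDK: the replay.
    {"eventTime": "2025-02-21T11:40:00Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "198.51.100.7", "userAgent": "Boto3/1.34.0",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEDEV001", "arn": DEV_ARN}},
    {"eventTime": "2025-02-21T11:42:00Z", "eventName": "UpdateFunctionCode",
     "sourceIPAddress": "198.51.100.7", "userAgent": "Boto3/1.34.0",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEDEV001", "arn": DEV_ARN}},
    # A long-lived IAM user key: outside the scope of this rule, so it is skipped.
    {"eventTime": "2025-02-21T12:00:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.55", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLECI0001",
                      "arn": "arn:aws:iam::123456789012:user/ci-bot"}},
]


def is_temporary_credential(access_key_id):
    """STS session credentials carry an 'ASIA' prefix; long-lived IAM keys use 'AKIA'."""
    return access_key_id.startswith("ASIA")


def detect_session_origin_changes(events):
    """Return findings for temporary credentials reused from a new IP or user agent.

    The first event seen for each ASIA key fixes its expected origin (the
    workstation that obtained it). A stolen session token replayed elsewhere
    shows up as the same key with a different source; no MFA prompt occurs
    because the token is already post-authentication.
    """
    baseline = {}   # accessKeyId -> (sourceIPAddress, userAgent) first seen
    findings = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev["userIdentity"].get("accessKeyId", "")
        if not is_temporary_credential(key):
            continue
        origin = (ev["sourceIPAddress"], ev["userAgent"])
        if key not in baseline:
            baseline[key] = origin
            continue
        if origin != baseline[key]:
            findings.append({
                "accessKeyId": key,
                "arn": ev["userIdentity"].get("arn"),
                "eventTime": ev["eventTime"],
                "eventName": ev["eventName"],
                "expectedOrigin": baseline[key],
                "observedOrigin": origin,
                "sensitive": ev["eventName"] in SENSITIVE_ACTIONS,
            })
    return findings


if __name__ == "__main__":
    for f in detect_session_origin_changes(SAMPLE_EVENTS):
        level = "SENSITIVE" if f["sensitive"] else "info"
        print(f"[{level}] {f['eventTime']} {f['arn']} {f['eventName']} "
              f"expected {f['expectedOrigin']} saw {f['observedOrigin']}")
```

On the constructed input this reports two events: the `GetCallerIdentity` probe and the `UpdateFunctionCode` call, both from the second origin. Using the first observed event as the baseline is a simplification; in production the expected origin is better taken from the `AssumeRole` record that minted the token, so that an attacker who is first to use a key cannot define the baseline. The same rule is also a reason to keep session durations short and to bind sessions to a network or device where the platform supports it.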