
Revealed: How a Hacked Developer Laptop Led to Bybit’s Record $1.4 Billion Crypto Heist

  • akcsoares
  • Mar 11
  • 2 min read

In a shocking revelation, multi-signature wallet provider Safe has confirmed that last month’s staggering $1.4 billion Ethereum hack on centralized exchange Bybit originated from a compromised developer laptop.

The breach, which marks the largest cryptocurrency hack in history, has been linked to the infamous North Korean state-sponsored hacker group Lazarus. Safe, alongside cybersecurity specialists from Mandiant, disclosed that their ongoing investigation has reached a “critical checkpoint.”


How Did the Attack Happen?


According to Safe’s latest findings, the attack was initiated on February 4 when a senior developer’s workstation was compromised after interacting with a malicious open-source Docker project or lightweight application.

From there, the attackers bypassed multi-factor authentication by hijacking active session tokens and gained unauthorized access to Safe’s Amazon Web Services (AWS) account. This allowed them to inject malicious JavaScript into Safe’s website, which was then used on February 21 to drain Bybit’s funds.

A screenshot from the Wayback Machine confirms that the injection occurred roughly two weeks after the initial breach, setting the stage for the catastrophic theft.
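One way to detect the session-token hijacking described above, added here as an example and not taken from Safe's or Mandiant's investigation: flag temporary AWS credentials that appear in CloudTrail from a second IP address or user agent. The sample records are constructed, and `find_session_reuse` is a hypothetical helper name.

```python
# Constructed CloudTrail-style records; every value below is invented.
# Field names (userIdentity.accessKeyId, sourceIPAddress, userAgent,
# eventTime, eventName) follow the CloudTrail record format.
SAMPLE_EVENTS = [
    {"eventTime": "2025-01-01T09:00:00Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "198.51.100.10", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLESESSION01"}},
    {"eventTime": "2025-01-01T09:05:00Z", "eventName": "DescribeStacks",
     "sourceIPAddress": "cloudformation.amazonaws.com", "userAgent": "cloudformation.amazonaws.com",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLESESSION01"}},
    {"eventTime": "2025-01-01T09:20:00Z", "eventName": "PutObject",
     "sourceIPAddress": "203.0.113.77", "userAgent": "Boto3/1.34.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLESESSION01"}},
    {"eventTime": "2025-01-01T09:10:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.10", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLESESSION02"}},
    {"eventTime": "2025-01-01T09:30:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.10", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLESESSION02"}},
    {"eventTime": "2025-01-01T09:40:00Z", "eventName": "ListUsers",
     "sourceIPAddress": "192.0.2.5", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLELONGTERM1"}},
]

FIELDS = ("sourceIPAddress", "userAgent")


def find_session_reuse(events):
    """Flag temporary credentials later used from a different IP or user agent."""
    baseline = {}   # accessKeyId -> (ip, userAgent) of the first event seen
    findings = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev.get("userIdentity", {}).get("accessKeyId", "")
        ip = ev.get("sourceIPAddress", "")
        # Only STS session keys (ASIA prefix) are tracked; calls made by an
        # AWS service on the caller's behalf carry a service name, not an IP.
        if not key.startswith("ASIA") or ip.endswith(".amazonaws.com"):
            continue
        seen = (ip, ev.get("userAgent", ""))
        first = baseline.setdefault(key, seen)
        changed = [name for name, a, b in zip(FIELDS, first, seen) if a != b]
        if changed:
            findings.append({"accessKeyId": key, "eventTime": ev["eventTime"],
                             "eventName": ev["eventName"], "changed": changed})
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_EVENTS):
        print(finding)
```

A legitimate VPN switch or network change also triggers this check, so a hit is a prompt to review what the session did after the change.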


Unprecedented Crypto Heist


This event has now gone down in history as the largest crypto hack ever recorded. Bybit, headquartered in Dubai, is actively tracking the stolen funds and has offered a massive $140 million bounty for information leading to their recovery and freezing.


What Is Safe Doing to Prevent Future Attacks?


Since the breach, Safe has ramped up its security measures, including:

  • A complete infrastructure overhaul

  • A redesigned user interface for verifying transaction hashes

  • Enhanced detection mechanisms for malicious transactions

Despite these measures, Safe acknowledges that there is still work to be done and is urging users to take extra precautions when approving transactions.


Lessons for the Crypto Community


In light of this attack, Safe emphasizes that transaction signing is currently the last line of defense. To ensure users fully understand what they are approving, Safe has released a comprehensive guide on verifying transactions before signing. The company is also implementing additional frictionless security features to better protect its users.


The Bottom Line


This devastating hack serves as a wake-up call to the entire crypto industry. With hackers becoming more sophisticated, exchanges, developers, and users alike must prioritize security measures to safeguard digital assets. As the investigation continues, the world watches closely to see whether Bybit can recover the stolen billions—or if this record-breaking heist will remain one of crypto’s most costly lessons.

