North Korea's $1.5B Crypto Heist: A New Era in Exchange Security?
On February 21, 2025, the Bybit exchange suffered a $1.5B crypto theft, the largest in history. Rather than exploiting smart contract vulnerabilities, the attackers compromised multiple signers' devices with sophisticated malware that manipulated their wallet interfaces, obtaining signatures without the signers' knowledge. Investigations point to North Korean state-sponsored actors (like TraderTraitor and Jade Sleet), who used advanced social engineering to target key personnel and deployed a cross-platform toolkit. The incident highlights the critical risk of neglecting operational security and emphasizes the importance of air-gapped signing systems, multi-factor authentication, and regular security training. Similar attacks are likely to continue unless crypto companies significantly improve their operational security practices.