The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.
Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.
This wallet is too hot, this one is too cold
Researchers for blockchain analysis firm Elliptic, among others, said over the weekend that the techniques and flow of the subsequent laundering of the funds bear the signature of threat actors working on behalf of North Korea. The revelation comes as little surprise since the isolated nation has long maintained a thriving cryptocurrency theft racket, in large part to pay for its weapons of mass destruction program.
Multisig cold wallets, also known as multisig safes, are among the gold standards for securing large sums of cryptocurrency—more shortly on how the threat actors cleared this tall hurdle. First, a little about cold wallets and multisig cold wallets and how they secure cryptocurrency against theft.
Wallets are accounts that use strong encryption to store bitcoin, ethereum, or any other form of cryptocurrency. These wallets are assigned an encryption keypair. The public key serves as the wallet address so others know how to find it, although some account holders opt to keep it private. The private portion of the keypair, meanwhile, is a long alphanumeric string required to move funds out of the wallet.
Transfers require hot wallets. These are accounts that are always connected to the Internet and store the private key. Over the past decade, hot wallets have been drained of digital coins supposedly worth billions, if not trillions, of dollars. Typically, these attacks have resulted from the thieves somehow obtaining the private key and emptying the wallet before the owner knows the key has been compromised.
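The difference between a single-key hot wallet and a multisig safe, as an added illustration that is not from the article or from Bybit: a k-of-n safe checks signatures from distinct owners with their public keys only, so stealing one private key does not move funds. Toy Schnorr signatures over a tiny safe-prime group stand in for the ECDSA/EdDSA real wallets use, and the 2-of-3 threshold, owner keys and transaction fields are constructed assumptions.

```python
import hashlib, json, secrets

# Toy Schnorr signatures over a small safe-prime group, standing in for the
# ECDSA/EdDSA real wallets use. Q = (P-1)/2 is the prime order of <G>.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # private key: stays with the signer
    return x, pow(G, x, P)                 # (private, public)

def _challenge(r, pub, msg):
    h = hashlib.sha256(f"{r}|{pub}|{msg}".encode()).digest()
    return int.from_bytes(h, "big") % Q

def sign(priv, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + _challenge(r, pow(G, priv, P), msg) * priv) % Q

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pub, _challenge(r, pub, msg), P) % P

class MultisigSafe:
    """Transfers execute only with `threshold` valid signatures from distinct
    owners over the exact transaction; the safe holds public keys only."""
    def __init__(self, owner_pubs, threshold):
        self.owners, self.threshold, self.nonce = set(owner_pubs), threshold, 0
    def execute(self, tx, signatures):
        if tx["nonce"] != self.nonce:          # stale approvals cannot be replayed
            return False
        msg = json.dumps(tx, sort_keys=True)
        approved = {pub for pub, sig in signatures
                    if pub in self.owners and verify(pub, msg, sig)}
        if len(approved) < self.threshold:     # one stolen key is not enough
            return False
        self.nonce += 1
        return True

def demo():  # constructed 2-of-3 safe; returns the outcome of four attempts
    xs = secrets.SystemRandom().sample(range(1, Q), 3)      # three distinct owners
    keys = [(x, pow(G, x, P)) for x in xs]
    safe = MultisigSafe([pub for _, pub in keys], threshold=2)
    tx = {"to": "hot-wallet-placeholder", "amount": 400_000, "nonce": 0}
    msg = json.dumps(tx, sort_keys=True)
    one = [(keys[0][1], sign(keys[0][0], msg))]              # single stolen key
    two = [(pub, sign(priv, msg)) for priv, pub in keys[:2]]
    return (safe.execute(tx, one),      # False: below threshold
            safe.execute(tx, one * 2),  # False: same owner counted once
            safe.execute(tx, two),      # True: two distinct owners
            safe.execute(tx, two))      # False: nonce consumed, replay rejected
```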