In a new statement, Safe{Wallet} attributed the recent $1.4 billion attack on Bybit to TraderTraitor (UNC4899), a cybercrime group with ties to North Korea.
Attackers reportedly bypassed multi-factor authentication by hijacking a developer's laptop and stealing an AWS session token.
According to Safe{Wallet}, the FBI has officially linked the February 21 heist to TraderTraitor, a group with ties to the Democratic People’s Republic of Korea (DPRK). Cybersecurity firm Mandiant, which tracks the group as UNC4899, also confirmed the connection in a preliminary report. TraderTraitor has been linked to several major cryptocurrency thefts in recent years.
Safe{Wallet} stated that an ongoing investigation aims to determine the full extent of attacker activity following the breach. The breach allowed threat actors to gain access to Safe{Wallet} servers, raising concerns about potential system vulnerabilities.
In response, Safe{Wallet} implemented significant security improvements, strengthening its infrastructure beyond pre-incident levels. The company also assured users that their smart contracts were not affected by the attack.
*This is not investment advice.
