朝鮮可能從Bybit中耗盡1.5B $ 1.5B的加密貨幣。

加密貨幣行業和負責確保其確保其確保的人仍然震驚

Dubai cryptocurrency exchange Bybit was hit with a massive heist on Friday, with attackers making off with a record-breaking $1.5 billion in digital assets. The theft occurred when an unknown entity managed to transfer a large sum of ethereum and staked ethereum coins from Bybit’s Multisig Cold Wallet to one of the exchange’s hot wallets, before moving the cryptocurrency out of Bybit entirely and into wallets controlled by the attackers.

週五，迪拜加密貨幣交易所Bybit遭受了巨大的搶劫案，攻擊者以創紀錄的15億美元的數字資產擊中。當一個未知的實體設法將大量以太坊和固定的以太坊硬幣從Bybit的Multisig Cold Wallet轉移到交易所的熱錢包之一時，發生盜竊發生，然後將加密貨幣完全從Bybit移出bybit並由攻擊者控制的錢包。

According to researchers at blockchain analysis firm Elliptic, the techniques and flow of the subsequent laundering of the funds bear the signature of threat actors working on behalf of North Korea. The revelation comes as little surprise, given that the isolated nation has a well-documented history of cryptocurrency theft, largely to fund its weapons of mass destruction program.

根據區塊鏈分析公司Elliptic的研究人員的說法，隨後洗錢的技術和流動具有代表朝鮮工作的威脅參與者的簽名。鑑於這個孤立的國家有據可查的加密貨幣盜竊歷史，這很大程度上讓人感到驚訝，這在很大程度上是為了資助其大規模殺傷性武器計劃。

Multisig cold wallets, also known as multisig safes, are considered one of the gold standards for securing large sums of cryptocurrency. Typically, a multisig cold wallet will require multiple parties to sign off on any transaction, making it much more difficult for attackers to clear out the wallet without being detected.

Multisig冷錢包，也稱為Multisig Safes，被認為是確保大量加密貨幣的金標準之一。通常，Multisig Cold錢包將要求多方在任何交易上簽字，這使攻擊者很難清除錢包而無需被發現。

In this case, however, the threat actors managed to clear this hurdle by exploiting a vulnerability in Bybit’s hot wallet setup. Specifically, the attackers were able to use a compromised employee’s credentials to access the exchange’s AWS console, where they could view the private keys for the hot wallets. With these keys in hand, the attackers were able to move the cryptocurrency out of Bybit’s cold wallet and into their own wallets.

但是，在這種情況下，威脅參與者通過利用拜比特（Bybit）的熱錢包設置中的脆弱性來清除這一障礙。具體而言，攻擊者能夠使用妥協的員工的憑據來訪問Exchange的AWS控制台，在那裡他們可以查看熱錢包的私鑰。憑藉這些鑰匙，攻擊者能夠將加密貨幣從拜比特的冷錢包中移出到自己的錢包中。

The theft was discovered by Bybit officials several hours after it occurred, and the exchange quickly notified its users of the incident. Bybit also stated that it had frozen all user withdrawals and was working with law enforcement to investigate the theft.

盜竊案是在發生後幾個小時被Bybit官員發現的，交易所很快將其用戶通知了該事件。拜比特還表示，它已經凍結了所有用戶的提款，並正在與執法部門合作調查盜竊案。