朝鲜可能从Bybit中耗尽1.5B $ 1.5B的加密货币。

加密货币行业和负责确保其确保其确保的人仍然震惊

Dubai cryptocurrency exchange Bybit was hit with a massive heist on Friday, with attackers making off with a record-breaking $1.5 billion in digital assets. The theft occurred when an unknown entity managed to transfer a large sum of ethereum and staked ethereum coins from Bybit’s Multisig Cold Wallet to one of the exchange’s hot wallets, before moving the cryptocurrency out of Bybit entirely and into wallets controlled by the attackers.

周五，迪拜加密货币交易所Bybit遭受了巨大的抢劫案，攻击者以创纪录的15亿美元的数字资产击中。当一个未知的实体设法将大量以太坊和固定的以太坊硬币从Bybit的Multisig Cold Wallet转移到交易所的热钱包之一时，发生盗窃发生，然后将加密货币完全从Bybit移出bybit并由攻击者控制的钱包。

According to researchers at blockchain analysis firm Elliptic, the techniques and flow of the subsequent laundering of the funds bear the signature of threat actors working on behalf of North Korea. The revelation comes as little surprise, given that the isolated nation has a well-documented history of cryptocurrency theft, largely to fund its weapons of mass destruction program.

根据区块链分析公司Elliptic的研究人员的说法，随后洗钱的技术和流动具有代表朝鲜工作的威胁参与者的签名。鉴于这个孤立的国家有据可查的加密货币盗窃历史，这很大程度上让人感到惊讶，这在很大程度上是为了资助其大规模杀伤性武器计划。

Multisig cold wallets, also known as multisig safes, are considered one of the gold standards for securing large sums of cryptocurrency. Typically, a multisig cold wallet will require multiple parties to sign off on any transaction, making it much more difficult for attackers to clear out the wallet without being detected.

Multisig冷钱包，也称为Multisig Safes，被认为是确保大量加密货币的金标准之一。通常，Multisig Cold钱包将要求多方在任何交易上签字，这使攻击者很难清除钱包而无需被发现。

In this case, however, the threat actors managed to clear this hurdle by exploiting a vulnerability in Bybit’s hot wallet setup. Specifically, the attackers were able to use a compromised employee’s credentials to access the exchange’s AWS console, where they could view the private keys for the hot wallets. With these keys in hand, the attackers were able to move the cryptocurrency out of Bybit’s cold wallet and into their own wallets.

但是，在这种情况下，威胁参与者通过利用拜比特（Bybit）的热钱包设置中的脆弱性来清除这一障碍。具体而言，攻击者能够使用妥协的员工的凭据来访问Exchange的AWS控制台，在那里他们可以查看热钱包的私钥。凭借这些钥匙，攻击者能够将加密货币从拜比特的冷钱包中移出到自己的钱包中。

The theft was discovered by Bybit officials several hours after it occurred, and the exchange quickly notified its users of the incident. Bybit also stated that it had frozen all user withdrawals and was working with law enforcement to investigate the theft.

盗窃案是在发生后几个小时被Bybit官员发现的，交易所很快将其用户通知了该事件。拜比特还表示，它已经冻结了所有用户的提款，并正在与执法部门合作调查盗窃案。