Hackers steal $1.5 billion from Bybit exchange

Crypto theft

Bybit, one of the world’s largest cryptocurrency exchanges, has fallen victim to the biggest crypto heist in history

Hackers managed to steal a staggering $1.5 billion in digital assets, primarily in Ethereum, from Bybit’s cold wallet, an offline storage system designed for ‘security’.

This breach has sent shockwaves through the cryptocurrency community, raising concerns about the security of digital assets.

The attack, which occurred on 21st February 2025, was reportedly traced back to the notorious North Korean hacking group, Lazarus. Known for their sophisticated cyber-attacks, the Lazarus Group exploited vulnerabilities in Bybit’s security infrastructure to gain access to the cold wallet.

Once inside, they swiftly transferred the stolen funds across multiple wallets and liquidated them through various platforms.

Bybit’s CEO, Ben Zhou, reassured users that all other cold wallets remained secure and that withdrawals were operating normally. However, the breach triggered a rush of withdrawals as users feared potential insolvency.

To mitigate the impact, Bybit secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations.

Blockchain analysis firms, including Elliptic and Arkham Intelligence, have been working tirelessly to trace the stolen assets.

They have labelled the thief’s addresses in their software to prevent the funds from being cashed out through other exchanges. Despite these efforts, the stolen funds are being systematically moved through anonymous exchanges, making it challenging to recover the assets.
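The tracing and labelling the article describes works by following stolen funds transitively from known-bad addresses across successive hops, so that a receiving exchange can hold a deposit that is only a few transfers downstream of the theft. The Python below is an added illustration of that idea, not code from Bybit, Elliptic or Arkham: it runs a hop-limited breadth-first search over a constructed transfer log (the addresses and amounts are invented placeholders), reports how many hops each address is from a flagged source and how much value it received from tainted senders, and exposes a `screen_deposit` check of the kind an exchange compliance team would run before crediting a deposit.

```python
from collections import deque

# Constructed transfer log (placeholder addresses, not real chain data).
# Each entry: (from_address, to_address, amount).
TRANSFERS = [
    ("0xTHIEF1", "0xHOP_A", 600.0),
    ("0xTHIEF1", "0xHOP_B", 400.0),
    ("0xHOP_A", "0xHOP_C", 590.0),
    ("0xHOP_C", "0xEXCHANGE_DEPOSIT_1", 300.0),
    ("0xHOP_C", "0xMIXER_IN", 290.0),
    ("0xHOP_B", "0xEXCHANGE_DEPOSIT_2", 400.0),
    ("0xCLEAN_USER", "0xEXCHANGE_DEPOSIT_3", 50.0),  # unrelated; must stay clean
]

# Addresses a tracing firm has labelled as belonging to the thief (constructed).
FLAGGED = {"0xTHIEF1"}


def build_graph(transfers):
    """Adjacency list: sender -> [(recipient, amount), ...]."""
    graph = {}
    for src, dst, amt in transfers:
        graph.setdefault(src, []).append((dst, amt))
    return graph


def trace_taint(transfers, flagged, max_hops=10):
    """BFS outward from the flagged addresses along outgoing transfers.

    Returns {address: hops_from_nearest_flagged_source}; flagged sources are 0.
    max_hops bounds how far taint propagates, which keeps the search finite
    on a real ledger and lets analysts tune how aggressive the labelling is.
    """
    graph = build_graph(transfers)
    tainted = {addr: 0 for addr in flagged}
    queue = deque(flagged)
    while queue:
        addr = queue.popleft()
        if tainted[addr] >= max_hops:
            continue
        for dst, _amount in graph.get(addr, []):
            if dst not in tainted:          # first visit gives the shortest hop count
                tainted[dst] = tainted[addr] + 1
                queue.append(dst)
    return tainted


def tainted_exposure(transfers, tainted):
    """Total value each address received directly from a tainted sender."""
    exposure = {}
    for src, dst, amt in transfers:
        if src in tainted:
            exposure[dst] = exposure.get(dst, 0.0) + amt
    return exposure


def screen_deposit(address, tainted, exposure):
    """Decision an exchange would make before crediting a deposit address."""
    if address in tainted:
        return {"hold": True, "hops": tainted[address],
                "tainted_inflow": exposure.get(address, 0.0)}
    return {"hold": False, "hops": None, "tainted_inflow": 0.0}


if __name__ == "__main__":
    taint = trace_taint(TRANSFERS, FLAGGED)
    expo = tainted_exposure(TRANSFERS, taint)
    for addr in sorted(taint, key=taint.get):
        print(f"{addr:<24} hops={taint[addr]} tainted_inflow={expo.get(addr, 0.0):.1f}")
    for dep in ("0xEXCHANGE_DEPOSIT_1", "0xEXCHANGE_DEPOSIT_3"):
        print(dep, screen_deposit(dep, taint, expo))
```

The hop count is what lets a watchlist keep working after the thief has split and re-split the funds: a plain set of labelled addresses only catches the first destination, whereas the search above labels every downstream address until the hop limit is reached.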

This incident highlights the ongoing risks associated with cryptocurrency exchanges and the need for robust security measures. As the industry grapples with the aftermath of this unprecedented heist, experts warn that large-scale thefts remain a fundamental risk in the digital asset space.

Bybit’s response and the collaborative efforts of the crypto community will be crucial in restoring trust and preventing future breaches.

UK Ministry of Defence suffers hack and data breach

The breach involved a third-party payroll system used by the MoD

The compromised system contained names and bank details of both current and past members of the UK armed forces.

While the full extent and consequences of the breach are still under investigation, preliminary results reportedly indicate that no data was extracted during the incident.

It appears that a minimal number of addresses might have been compromised.

The Ministry of Defence (MoD) responded quickly by disconnecting the external network, which is managed by a contractor.

Affected service members will be informed as a precautionary measure and will be provided with expert advice.

Hacker’s ID not revealed

The hacker’s identity has not been revealed, but it is significant that in March, the UK and the U.S. charged China with conducting a worldwide campaign of “malicious” cyber-attacks.

These assaults targeted the Electoral Commission watchdog in 2021 and involved online “reconnaissance” of MPs’ and peers’ email accounts. The limited response to these events highlights the persistent cybersecurity challenges and the importance of constant alertness.

As the inquiry progresses, the MoD is expected to implement additional security measures to safeguard sensitive data, measures that ideally should have already been established.

Global police forces take down massive scam website that defrauded thousands of victims

Online fraud

UK police have dismantled a gang that provided a technology service enabling criminals to use fraudulent text messages to defraud victims

Britain’s Metropolitan Police announced on Thursday 18th April 2024 that the ‘LabHost’ website had been utilised by 2,000 criminals to pilfer personal details from users.

The police have reportedly identified approximately 70,000 UK individuals whose details were compromised via LabHost’s websites. The LabHost websites have been disrupted and now display a notice indicating that the services have been seized by law enforcement.

They have arrested 37 people worldwide and are contacting victims affected by the scam.

Phishing scam

Officers say younger people who grew up with the internet were the most likely to fall for the ‘phishing’ scam.

What is ‘phishing’?

‘Phishing’ is a type of social engineering attack where perpetrators trick individuals into disclosing sensitive information or downloading malware. This often entails the use of deceptive emails or messages that mimic reputable entities, luring users to input their login details on counterfeit websites.

See Wikipedia definition.

The technology enabled scammers without technical expertise to inundate victims with deceptive messages aimed at eliciting online payments.

Authorities focused on the gang’s website, LabHost, which facilitated the despatch of these messages and steered victims towards counterfeit websites. These sites mimicked authentic online payment or shopping platforms.
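The phishing definition above and the description of LabHost’s counterfeit payment and shopping sites both come down to the same defensive question: does the link in a message really lead to the brand it claims to? The Python below is an added example, not code from the article or from the police operation it reports; it extracts URLs from a message, works out the registrable domain, and flags the common ways a counterfeit site imitates a real one (the brand name pushed into a subdomain of an unrelated domain, a different top-level domain, digit-for-letter confusables such as `1` for `l`, and small typos). The brand list, the confusable table and the sample messages are all constructed for the example, and the domain-suffix handling is deliberately minimal; a production filter would use the Public Suffix List.

```python
import re
from urllib.parse import urlparse

# Constructed brand list (an assumption for this example, not from the article):
# registrable domain -> brand name a bank or retailer would want to protect.
TRUSTED_DOMAINS = {
    "examplebank.co.uk": "Example Bank",
    "examplepost.com": "Example Post",
}

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Digit/letter pairs often swapped in lookalike domains (constructed subset).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}
SECOND_LEVEL = {"co", "org", "gov", "ac"}  # so that examplebank.co.uk is one registrable domain


def normalise(label: str) -> str:
    """Fold confusable characters so 'examp1ebank' reads as 'examplebank'."""
    label = label.lower()
    for bad, good in CONFUSABLES.items():
        label = label.replace(bad, good)
    return label


def registered_domain(host: str) -> str:
    """Crude registrable-domain extraction using the small SECOND_LEVEL set above."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) >= 3 and parts[-2] in SECOND_LEVEL:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> dict:
    """Compare one URL against the brand list and explain why it looks suspicious."""
    host = urlparse(url).hostname or ""
    reg = registered_domain(host)
    if reg in TRUSTED_DOMAINS:
        return {"url": url, "verdict": "trusted", "brand": TRUSTED_DOMAINS[reg], "indicators": []}

    reg_label = reg.split(".")[0]
    host_labels = host.lower().split(".")
    brand, indicators = None, []
    for trusted, name in TRUSTED_DOMAINS.items():
        t_label = trusted.split(".")[0]
        if reg_label == t_label:
            hit = "same name, different TLD"
        elif normalise(reg_label) == normalise(t_label):
            hit = "confusable characters in domain"
        elif levenshtein(reg_label, t_label) <= 2:
            hit = "typosquat (edit distance <= 2)"
        elif t_label in host_labels:
            hit = "brand name used as a subdomain of an unrelated domain"
        else:
            continue
        brand = brand or name
        indicators.append(f"{hit}: resembles {name} ({trusted})")

    verdict = "suspicious" if indicators else "unknown"
    return {"url": url, "verdict": verdict, "brand": brand, "indicators": indicators}


def scan_message(text: str) -> list:
    """Extract every URL from an SMS or e-mail body and classify each one."""
    return [classify_url(u.rstrip(".,;)")) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    # Constructed sample messages, not real phishing texts.
    samples = [
        "Example Post: your parcel needs a £1.99 redelivery fee. "
        "Pay at https://examplepost.com.parcel-fee-update.net/redeliver",
        "Example Bank: unusual login detected, verify at https://examp1ebank.co.uk/login now.",
        "Your statement is ready: https://examplebank.co.uk/secure",
    ]
    for msg in samples:
        for result in scan_message(msg):
            print(result["verdict"].upper(), result["url"])
            for indicator in result["indicators"]:
                print("   -", indicator)
```

The check deliberately looks at the registrable domain rather than the whole hostname, because the first sample message is exactly the trick the article describes: the real brand’s domain appears at the start of the link, but the site that actually answers belongs to whoever registered the unrelated domain at the end.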

ID theft

This operation allowed the perpetrators to pilfer personal identity details, including 480,000 card numbers and 64,000 PIN codes. It was referred to as ‘fullz data’ in criminal circles, according to the police.

The exact amount of money stolen remains unknown. However, detectives estimate that the LabHost site generated close to £1 million ($1.25 million) in profits.

I can’t even buy a donut! The slow failure of our system or just another… ‘glitch?’

The donut theory


A serious problem or a technical glitch? I call it the donut theory – where everything is perceived as good until… but it isn’t – when you can’t even buy a donut!

Recent issues highlight a growing problem

Due to a payment acceptance issue, the bakery chain Greggs has closed some of its outlets. Patrons encountered certain branches that were either shut or only accepted cash.

This incident comes after card payment systems failed at Sainsbury’s and Tesco on Saturday 16th March 2024, and at McDonald’s on Friday 15th March 2024, and at many other outlets over recent months. Instore shopping and home deliveries were all affected.

Failures

The recent system failures experienced by major UK retailers like Sainsbury’s, Tesco, and even McDonald’s have indeed raised concerns. While these incidents may seem isolated, they highlight broader issues related to technology infrastructure, reliance on digital systems, and the impact of such failures on businesses and consumers.

Potential implications and issues of system failures: we are so dependent on the ‘system’.

Dependency on Technology

Modern businesses heavily rely on technology for operations, from inventory management to payment processing. When systems fail, it disrupts daily operations, affecting customer satisfaction and revenue.

The recent incidents underscore the need for robust backup systems, redundancy, and thorough testing of software updates.

Customer Experience and Trust

System outages can frustrate customers who rely on these services. Delays in grocery deliveries or inability to pay via contactless methods can lead to dissatisfaction.

Trust in a brand can erode if such incidents occur frequently. Customers may seek alternatives or lose confidence in the retailer’s ability to provide reliable services.

Financial Impact

System failures can result in financial losses due to missed sales, refunds, and operational disruptions.

Companies invest significant resources in maintaining and upgrading their technology infrastructure. Failures can be costly both in terms of immediate losses and long-term reputation damage.

Cybersecurity Concerns

System glitches may raise questions about cybersecurity. While not all incidents are related to security breaches, any disruption can make consumers wary.

Retailers must continuously assess and enhance their security measures to protect customer data and prevent unauthorized access.

Supply Chain Vulnerabilities

Supermarkets are part of complex supply chains. System failures can impact suppliers, logistics, and distribution networks.

Ensuring resilience across the entire supply chain is crucial to prevent cascading effects.

Regulatory Compliance

Retailers must comply with regulations related to data protection, payment processing, and consumer rights. System failures could lead to legal and regulatory challenges.

Recent Cyberattacks and System Failures in the UK

Hack attack!
Cyberattacks will all have malicious intent, such as accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.

The digital age has brought unprecedented convenience and efficiency to our lives. However, it has also introduced new challenges, particularly in the realm of cybersecurity and system reliability. In the UK, several high-profile incidents have underscored these challenges. Here are ten recent serious cyberattacks and system failures that have occurred since 2022.

System Failures

  • NHS IT Failures: In December 2023, the Health Services Safety Investigations Body (HSSIB) reported that IT failures in the NHS have resulted in patient harm and even deaths. Urgent action is needed to address these issues.
  • Failing IT Infrastructure in the NHS: A report highlighted that the failing IT infrastructure is undermining safe healthcare in the NHS.
  • Failed Government IT Project: A failed government IT project to upgrade NHS computer systems in England ended up becoming one of the ‘worst and most expensive contracting fiascos’ in public sector history.
  • Abandoned NHS Patient Record System: In September 2013, an NHS patient record system, which would have been the world’s largest non-military IT system, was abandoned. The failed centralised e-record system cost the taxpayer over £10 billion.

Cyberattacks

  • Ransomware Attack on NHS: A ransomware attack on a software supplier hit the NHS across the UK, and there were fears that patient data may have been the target.
  • Ransomware Attack on Greater Manchester Police: The Greater Manchester police force fell victim to a ransomware hack, exposing details of officers’ name badges such as ranks, photos, and serial numbers.
  • Ransomware Attack on Royal Mail: The Royal Mail was affected by a ransomware attack.
  • Ransomware Attack on Capita: Outsourcing firm Capita was hit by a ransomware attack.
  • Ransomware Attack on Barts Health NHS Trust: The Barts Health NHS trust was affected by a ransomware attack.
  • Ransomware Attack on Redcar and Cleveland Council: In 2020, Redcar and Cleveland council fell victim to a ransomware attack and was locked out of its systems for almost three weeks.
  • Cyber-Attack on UK VoIP Providers: An ‘unprecedented’ and coordinated cyber-attack struck multiple UK-based providers of voice over internet protocol (VoIP) services.
  • Hackney Borough Council Cyber-Attack: Hackney Borough Council was hit by a cyber-attack which led to significant disruption to services and IT systems.
  • Exchange Email Hack: In March 2021, hundreds of UK companies were compromised as part of a global campaign linked to Chinese hackers.
  • Hacking of 23andMe Profiles: In December 2023, there was a hack of 6.9 million profiles at genetic test firm 23andMe.
  • Booking.com Customer Hacking: In November 2023, hackers increased attacks on Booking.com customers.

And there have been many more. Whatever the reason, system failures or cyberattacks, the UK needs to seriously update and improve its resources and defences or suffer the serious consequences.

These incidents serve as a stark reminder of the importance of robust cybersecurity measures and reliable IT systems. As we continue to rely more heavily on digital systems, it is crucial that we learn from these incidents and take the necessary steps to prevent similar occurrences in the future.

Conclusion

In summary, while individual incidents may not indicate a systemic crisis, they serve as reminders for businesses and local authorities to invest in robust technology, disaster recovery plans, and proactive risk management. As technology continues to evolve, addressing these challenges becomes even more critical.

When you can’t buy a donut…?

Cybersecurity

Hack attack!

Cybersecurity is a very important and relevant topic in today’s world. It refers to the practice of protecting systems, networks, and programs from digital attacks that can harm individuals and organizations.

Cyberattacks will all have malicious intent, such as accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.

Cybersecurity aims to prevent or mitigate these attacks by using various technologies, measures, and practices.

There are many types of cybersecurity, depending on the domain or layer of IT infrastructure that needs to be protected.

Critical infrastructure security

This protects the computer systems, applications, networks, data and digital assets that a society depends on for national security, economic health and public safety. For example, the power grid, the water supply, the transportation system, the health care system, etc.

In the United States, there are some guidelines and frameworks for IT providers in this area, such as the NIST cybersecurity framework and the CISA guidance.

Network security

This prevents unauthorized access to network resources and detects and stops cyberattacks and network security breaches in progress. For example, firewalls, antivirus software, encryption, VPNs, etc. Network security also ensures that authorized users have secure access to the network resources they need, when they need them.

Application security

This protects applications from cyberattacks by ensuring that they are designed, developed, tested, and maintained with security in mind. For example, code reviews, vulnerability scanning, penetration testing, secure coding practices, etc. Application security also involves educating users about safe and responsible use of applications.


There are many more types of cybersecurity, such as cloud security, endpoint security, data security, identity and access management (IAM), etc. Each type of cybersecurity has its own challenges and solutions.

Companies to watch

Cybersecurity companies such as CrowdStrike, Okta, Zscaler and Palo Alto Networks are valuable assets with businesses willing to pay good money to protect against hackers.

Zscaler

Palo Alto Networks

Crowdstrike

Okta

NOTE: Always do your own very careful research – none of these ‘suggestions’ are ‘recommendations’.

Remember: RESEARCH! RESEARCH! RESEARCH!

Hack Attack! UK’s electoral registers stolen

Hacker

The UK’s elections watchdog has revealed it has been the victim of a complex cyber-attack potentially affecting millions of voters.

The Electoral Commission said unspecified ‘hostile actors’ had managed to gain access to copies of the electoral registers, from August 2021. Note the word ‘unspecified’ is used – do they even know?

Hackers also broke into its emails and “control systems” but the attack was not discovered until October last year. The watchdog has warned people to watch out for unauthorised use of their data.

The commission said hackers accessed copies of the registers it was holding for research purposes, and for conducting checks on political donors. The commission knew which of its systems were accessible to the hackers, but could not ‘conclusively’ identify which files may have been accessed.

‘Very sophisticated’ attack

The personal data held on the registers – name and address – did not itself present a ‘high risk’ to individuals, it added, although it is possible it could be combined with other public information to ‘identify and profile individuals’.

It has not said when the hackers’ access to its systems was stopped, but said they were secured as soon as possible after the attack was identified in October 2022. Why was it left so long to be made public and how long did it take to make systems secure again?

Explaining why it had not made the attack public before now, the commission said it first needed to stop the hackers’ access, examine the extent of the incident and put additional security measures in place. Defending the delay, commission chair John Pullinger said: “If you go public on a vulnerability before you have sealed it off, then you are risking more vulnerabilities.” He is reported to have said the ‘very sophisticated attack involved using software to try and get in and evade our systems’. Well, that clearly worked then.

The world of digital data

He reportedly said that the hackers were not able to alter or delete any information on the electoral registers themselves, which are maintained by registration officers around the country. Information about donations and loans to political parties and registered campaigners is held in a system that is not affected by this incident, the notice added. He understood public concern, and would like to apologise to those affected.

Steps

The commission added that it had taken steps to secure its systems against future attacks, including by updating its login requirements, alert system and firewall policies. The Information Commissioner’s Office, which is responsible for data protection in the UK, said it was urgently investigating.

Labour’s deputy leader Angela Rayner reportedly said: ‘This serious incident must be fully and thoroughly investigated so lessons can be learned’. Why wouldn’t it be investigated? I dislike it immensely when clueless politicians roll out this ‘standard remark’ as an attempt to demonstrate they ‘know what’s going on’.

Then what? It happens again and we have to… learn more lessons…?

Step up the security – we have the ability!