From 2ab7718fdac26997940ec044a781bd7ad975ffd0 Mon Sep 17 00:00:00 2001 From: bear Date: Wed, 26 Feb 2025 11:41:56 +0800 Subject: [PATCH] Add Bybit's $1.4 Billion ETH Hack and Lazarus Bounty cards with detailed overviews and reward structures --- cards/ByBit's $1.4 Billon ETH Hack.md | 11 +++++++++++ cards/Lazarusbounty.md | 24 ++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 cards/ByBit's $1.4 Billon ETH Hack.md create mode 100644 cards/Lazarusbounty.md diff --git a/cards/ByBit's $1.4 Billon ETH Hack.md b/cards/ByBit's $1.4 Billon ETH Hack.md new file mode 100644 index 0000000..440834c --- /dev/null +++ b/cards/ByBit's $1.4 Billon ETH Hack.md @@ -0,0 +1,11 @@ +#show-card + +# Bybit's $1.4 Billion ETH Hack + +## Overview + +On Feb 21, 2025, the world's second-largest cryptocurrency exchange Bybit suffered a massive security breach, resulting in the theft of approximately 410,000 ETH (worth $1.4 billion at the time). The attack was believed to be orchestrated by the North Korean state-sponsored hacking group Lazarus. + +## What Happened + +From the information provided by the Bybit team, the hackers seem to have exploited the Bybit multi-signature signer system and made a mocked UI to trick the signers into signing the transactions. These mocked UIs were designed to look like the real UI with correct addresses and safe URLs. The hackers then took control of the multi-signature ETH cold wallet and transferred the funds to their own wallet. diff --git a/cards/Lazarusbounty.md b/cards/Lazarusbounty.md new file mode 100644 index 0000000..3e63697 --- /dev/null +++ b/cards/Lazarusbounty.md 
@@ -0,0 +1,24 @@ +#show-card + +# Lazarus Bounty + +## Overview + +[Lazarus Bounty](https://www.lazarusbounty.com/) is a collaborative program launched to counter North Korean state-sponsored hacking group Lazarus (also known as APT38 or HIDDEN COBRA), which has stolen over $3 billion in cryptocurrency assets often used to fund North Korea's weapons programs. The program incentivizes the identification and reporting of Lazarus-associated wallets through substantial financial rewards, with its importance highlighted by a recent incident [[ByBit's $1.4 Billon ETH Hack]] where approximately 1.4 billion ETH was stolen from Bybit in an attack believed to be linked to the group. + +## Reward Structure + +- The total bounty is 10% of the recovered funds, distributed as follows: + - 5% to the entity that successfully froze the funds + - 5% to contributors who helped trace the funds +- Bounties are awarded immediately once the funds are confirmed as frozen +- Rewards of up to $500,000 are available for high-quality intelligence that leads to the identification of Lazarus-controlled wallets or the recovery of stolen funds + +## How to Participate + +Participants can submit intelligence through the official website at [lazarusbounty.com](https://www.lazarusbounty.com/en/). All submissions are evaluated by experts, including former law enforcement officials specialized in cryptocurrency investigations. + + +## References +- [Ben Zhou's Twitter announcement](https://x.com/benbybit/status/1894397098323579333) +- [Official Lazarus Bounty website](https://www.lazarusbounty.com/en/) \ No newline at end of file
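Review bot: The new file name `cards/ByBit's $1.4 Billon ETH Hack.md` misspells "Billion" and writes "ByBit", while the card's own heading reads "Bybit's $1.4 Billion ETH Hack". Rename the file to match the heading, and update the `[[ByBit's $1.4 Billon ETH Hack]]` link in cards/Lazarusbounty.md in the same commit so the wiki link still resolves. This card also has no References section, unlike the Lazarus Bounty card. The "What Happened" paragraph says it is based on "information provided by the Bybit team", so link that statement to make the 410,000 ETH figure and the Lazarus attribution checkable.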
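Review bot: The Overview in cards/Lazarusbounty.md states that "approximately 1.4 billion ETH was stolen from Bybit", which contradicts the Bybit card added in this same patch: "approximately 410,000 ETH (worth $1.4 billion at the time)". The 1.4 billion figure is the dollar value, not the ETH amount. Reword it to match the other card, for example "approximately 410,000 ETH (worth $1.4 billion at the time) was stolen". The file also ends without a trailing newline ("\ No newline at end of file"), so add one.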