Gotta correct the record on a headline that's been running wild lately re: the WazirX hack.

Bc it is NOT significant. Or a "breakthrough."

Dude they arrested wasnt involved in the hack. He doesnt know the hackers.

Plz stop regurgitating self-aggrandizing press releases.

Here's the actual situation:

At some point prior to July 2024 the actual hackers landed a backdoor onto something that gave them some access to the WazirX multisig signers and/or their signatures.

We don't know what or who was compromised and it doesn't really matter.

Initial toehold was likely gained by tricking someone at WazirX or Liminal into installing malware -> escalated from there.

This access allowed the hackers to intercept/insert invisible, malicious payloads for signing in a way where none of the 3+ signers were able to notice.

With the recent sophisticated hacks fresh on everyone's mind, there's been a lot of talk about ✨fancy stacks and setups.✨

Yes, you should evaluate how—and with what—you sign txns.

But building a custom UI for your LAN Qubes OS AWS KMS everyday is not really the answer 😅

Background on the referenced hacks (feel free to skip):

1. Funds were stolen from each org's multisig.

2. Keys themselves were not compromised.

3. In Radiant and WazirX and maybe DMM, the keys backing the multisig were actually only on hardware wallets + actually controlled by distinct parties.

Radiant - $50m, like 2 days ago
medium.com/@RadiantCapita…

WazirX - $230m in July
x.com/WazirXIndia/st…
liminalcustody.com/blog/update-on…

DMM Bitcoin - $305m in May
The least amt is known about DMM, including whether keys were cold vs hot. Early theories said address poisoning. It def wasn't that. Attached is rampant speculation (likely all wrong)
See also: x.com/mononautical/s…

Also, note, any organization that can implement / enforce EDR, etc. should do so. Full stop. End of conversation.

However, the crypto industry generally considers this a non-starter for all sorts of philosophical + practical reasons.

So, until we get there, here's the deal:

Alright so comments here are a bit looney and I don’t particularly like them bc it distracts and undermines the actual risk.

Spoiler: @coinbase getting hacked is not the risk.

But there is still risk. Even when using Coinbase.

https://twitter.com/eleanorterrett/status/1831352537670131890

This gunna be long. Sorry. But it needs to be said. Clearly.

First: the reason I say Coinbase is not the risk is because they take INSANE measures to mitigate the risk of being hacked.

They always have.

They are really fucking serious abt security across the board.

Coinbase is NOT different bc they’ve *eliminated* the risk though.

Bc they haven’t. Bc they can’t. NO ONE CAN.

This shit is wild. The incentives are too much. The hackers have too many resources.

They will literally burn 0 days to get at Coinbase. They *have* burned 0 days.

Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry.

They rekt more people, companies, protocols than anyone else.

But it's good to know exactly how they get in. Bc another smart contract audit won't save you.

For example, one long-time fave method:
- Contact employee via social/messaging app
- Direct them to a Github for a job offer, "skills test," or to help with a bug
- Rekt individual's device
- Gain entry to company's AWS
- Rekt company (and their users)

cloud.google.com/blog/topics/th…

With permission, I’m sharing a recent convo that led to $2m+ stolen so you can see how this DPRK crew (TraderTraitor) is operating today.

These convos are pretty rare to see. Thefts occur months later, so very few uncover how the initial entry was made.

cisa.gov/news-events/cy…

this wild af

https://twitter.com/c7five/status/1803403565865771370

episode 2 even wilder

https://x.com/CertiK/status/1803450205389402215

Txn History Deposit 1

0x5a7732d8710af819dd16c82d38ed4385e137285c

0xce7d8feb6f4a88f4a2694beb8f92be6a1670d3a8fa243ab3416b46f4576d3fc5

0x8cd115e1d45dc80894204244a2749cb7cdb7ac7b14cf9809cac19714d3626bfc

0xa119fd1efd639fde5837566dfd843ba401825702e7694ce1591194b2b98297ae

0x0dea174d7bd9f6e978b98e6e1d0a0f1fc22d90f82f35537b1754d3f73652f1d6

0xa2bd92a528ffc2cb66f7317ff9e6ad55f094112e2937980c8b782d052d22dc76

0x886f187b7f3929032072a98160dac084d02a0ce62b556c64140d76f399d4922d

0x9d661a1d89613e2fa53a9ca63ad64db5401cde7d70f4eefb883724b0f1a57a31

0x1dbc11b50913f8633c049072428f4db0cce4d38cabe6087afc472c6668f5dc1a

0xa3a4a5878da0240cf0dbcb1b68bde88b877ed2c0c2390d000f796cda2c579af9

0xa158192d24ca8fa79c95fa52f8c3d564e8f6304bacea9c9dfca440d7da33ddf7

0xa7285a96eb95dd76ce129f063424679a6d465b7b9a284cdac528405c75ce8393

0x3dd977a7b2edbbe629a8bab9a9b3f0ccf253ea12e31c6f748ddac9e025167e67

🧵Highlights from the UN Security Council's 2023 report on DPRK

This one was a whopping 615 pages 😳

These reports are always like a birds eye view of random, raw, deep intel. They're amazing and shed light on attribution, irl banking networks, etc.

un.org/securitycounci…

re: Maybachs

re: DPRK IT Workers



justice.gov/opa/pr/justice…
reuters.com/technology/nor…