Safe{Wallet} has revealed that the cybersecurity incident that led to the $1.5 billion Bybit cryptocurrency heist was a "highly sophisticated, state-sponsored attack," adding that the North Korean threat actors behind the hack took steps to erase traces of their activity.
The multi-signature (multisig) platform, which engaged Google Cloud Mandiant to conduct a forensic investigation, said the attack is the work of a hacking group tracked as TraderTraitor, which is also known as Jade Sleet, PUKCHONG, and UNC4899.
"The attack involved the compromise of a Safe{Wallet} developer laptop ("Developer1") and the hijacking of AWS session tokens," the company said. "This developer was one of the few personnel that had higher access in order to perform their duties."
Further analysis determined that on February 4, 2025, the threat actors gained access to the developer's Apple macOS machine when the developer ran a Docker project called "MC-Invest-Simulator-Simulator," likely as the result of a social engineering attack. The project communicated with the domain "getstockprice[.]com," which had been registered on Namecheap two days earlier.
This corroborates earlier findings that TraderTraitor actors have deceived cryptocurrency exchange developers into helping "troubleshoot" a Docker project after approaching them via Telegram. The Docker project is configured to drop a next-stage payload dubbed PLOTTWIST, which provides persistent access.
It is unclear whether the same modus operandi was used in the latest attack, as Safe{Wallet} noted: "The attacker removed their malware and cleared the Bash history in an attempt to hinder investigation efforts."
Ultimately, the malware deployed to the workstation was used to conduct reconnaissance of Safe{Wallet}'s Amazon Web Services (AWS) environment and to hijack the developer's AWS sessions, so that actions were performed under the developer's identity in an attempt to fly under the radar.
"The use of Developer1's AWS account came from an ExpressVPN IP address with a user agent containing 'Distrib#Kali.2024'," the report reads. "This user agent string indicates the use of Kali Linux, which is designed for offensive security."
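As an added illustration (not part of the report, and not Safe{Wallet}'s or Mandiant's tooling), the following Python snippet shows the kind of CloudTrail review that surfaces the two signals described above: an API call whose user agent advertises Kali Linux, and a temporary session credential that is suddenly used from a second network. It runs over constructed CloudTrail-style records embedded in the script; the sample values, the corporate egress allowlist and the role names are assumptions made for the example, while the field names (`userAgent`, `sourceIPAddress`, `userIdentity.accessKeyId`) are standard CloudTrail keys.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed CloudTrail-style records for this example (not real log data).
# Field names follow the CloudTrail schema; every value is made up.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2025-02-19T09:58:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Darwin/23.1.0 exe/x86_64",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000001",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Developer/Developer1"}},
    {"eventTime": "2025-02-19T10:40:51Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.77",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.6.9 exe/x86_64 distrib#kali.2024",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000001",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Developer/Developer1"}},
    {"eventTime": "2025-02-19T10:41:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListRoles", "sourceIPAddress": "198.51.100.77",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.6.9 exe/x86_64 distrib#kali.2024",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000001",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Developer/Developer1"}},
    {"eventTime": "2025-02-19T11:02:05Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.12",
     "userAgent": "aws-sdk-go/1.44.0 (go1.21; darwin; arm64)",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000002",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Developer/Developer2"}},
]})

# Assumed corporate egress ranges; a real deployment would load these from config.
CORPORATE_CIDRS = ["203.0.113.0/24"]

# Substrings that no legitimate developer workstation should present in a user agent.
SUSPICIOUS_UA_MARKERS = ("kali",)


def load_records(cloudtrail_json):
    """Parse a CloudTrail log file body into its list of records."""
    return json.loads(cloudtrail_json)["Records"]


def ip_in_allowlist(ip, cidrs):
    """True if the address falls inside one of the allowed CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def find_suspicious(records, cidrs=CORPORATE_CIDRS):
    """Return (record index, reason) pairs for per-event anomalies."""
    findings = []
    for i, rec in enumerate(records):
        ua = rec.get("userAgent", "").lower()
        ip = rec.get("sourceIPAddress", "")
        if any(marker in ua for marker in SUSPICIOUS_UA_MARKERS):
            findings.append((i, f"offensive-security user agent: {rec['userAgent']}"))
        # CloudTrail records AWS-internal calls with a service hostname instead
        # of an IP; those raise ValueError and are skipped rather than flagged.
        try:
            off_network = not ip_in_allowlist(ip, cidrs)
        except ValueError:
            off_network = False
        if off_network:
            findings.append((i, f"API call from non-corporate address {ip}"))
    return findings


def find_shared_sessions(records):
    """Map each temporary access key to the source IPs that used it.

    A session credential issued to the developer's laptop appearing from a
    second network is the signature of a hijacked session, not a new login.
    Only keys seen from more than one address are returned.
    """
    ips_by_key = defaultdict(set)
    for rec in records:
        key = rec.get("userIdentity", {}).get("accessKeyId")
        if key:
            ips_by_key[key].add(rec.get("sourceIPAddress"))
    return {k: sorted(v) for k, v in ips_by_key.items() if len(v) > 1}


if __name__ == "__main__":
    recs = load_records(SAMPLE_CLOUDTRAIL)
    for idx, reason in find_suspicious(recs):
        print(f"event {idx} ({recs[idx]['eventName']}): {reason}")
    for key, ips in find_shared_sessions(recs).items():
        print(f"session {key} used from multiple networks: {', '.join(ips)}")
```

The session check is the more durable of the two: a user agent string is trivially changed by the attacker, whereas a stolen session token reused from a VPN exit node will always land in CloudTrail under the victim's `accessKeyId` with a source address the victim never used.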
The attackers were also observed deploying the open-source Mythic framework, as well as injecting malicious JavaScript code into the Safe{Wallet} website for a two-day period between February 19 and 21, 2025.
Bybit CEO Ben Zhou, in an update earlier this week, said more than 77% of the stolen funds remain traceable, 20% have gone dark, and 3% have been frozen. He credited 11 parties, including Mantle, Paraswap and ZachXBT, with freezing assets. About 83% (417,348 ETH) was converted to bitcoin and distributed across 6,954 wallets.
Following the hack, 2025 is on track to be a record year for cryptocurrency theft, with Web3 projects already losing a staggering $1.6 billion in the first two months, an eight-fold increase from the $200 million lost in the same period last year, according to data from blockchain security platform Immunefi.
"The latest attack underscores the evolving sophistication of threat actors and highlights critical vulnerabilities in Web3 security," the company said.
"Verifying that the transaction you are signing will lead to the intended result is one of the biggest security problems in Web3, and this is not just a user problem but an industry problem that requires collective action."