
The cryptocurrency sector is reeling from an astonishing cyber heist on Friday, attributed to what appears to be North Korean hackers, resulting in the unprecedented theft of $1.5 billion from the Dubai-based exchange, Bybit. This breach marks the largest theft in the history of digital assets.
Just hours after the incident, representatives from Bybit revealed that over 400,000 Ethereum and staked Ethereum coins had been stolen. The announcement indicated that these digital assets had been secured in a “Multisig Cold Wallet” before being somehow moved to one of the exchange’s hot wallets. Once transferred, the cryptocurrency was swiftly moved out of Bybit into wallets owned by the unidentified hackers.
The Dilemma of Wallet Temperature
Experts from the blockchain analytics firm Elliptic confirmed over the weekend that the methods used for laundering the stolen funds strongly suggest involvement by North Korean cybercriminals. This revelation is not unexpected, as the reclusive nation has been known to operate a lucrative cryptocurrency theft operation, largely to finance its weapons development programs.
Multisig cold wallets, often referred to as multisig safes, are regarded as one of the most secure options for storing significant amounts of cryptocurrency. In the following sections, we will explore how the hackers managed to overcome this formidable security measure. But first, let’s delve into the concepts of cold wallets and multisig cold wallets, and how they protect cryptocurrency from theft.
Cryptocurrency wallets utilize advanced encryption techniques to securely store Bitcoin, Ethereum, and other digital currencies. Many of these wallets are accessible online, facilitating the sending and receiving of funds to and from other web-connected wallets. However, in the past decade, these so-called hot wallets have fallen victim to cyberattacks resulting in losses amounting to billions, if not trillions, of dollars. Typically, these breaches occur when hackers gain access to the wallet’s private key, enabling them to drain the wallet before the owner realizes the key has been compromised.
