In just over 18 months, North Korean hackers, including the infamous Lazarus group, have stolen more than $1.755 billion in crypto using the same “hijacked multisig” technique.
However, there may be a solution, and it’s simpler than you might think.
A thread posted to X by veteran security researcher Daniel von Fange, until recently at Origin Protocol, has suggested adding steps to the typical multisig workflow.
The change inserts a surprisingly simple sanity check that ratifies approved actions between signing and execution.
What is a hijacked multisig?
Multisig wallets require transactions to be signed by a specific threshold of trusted addresses. They aim to increase security by ensuring that a single compromised address cannot cause significant damage on its own.
However, Lazarus’ preferred attack vector depends on tricking multiple members of a crypto company’s team into signing a malicious transaction disguised as normal operational activity.
The signatures then “hijack” the organization’s multisig wallet and hand control of the funds it contains to the hackers.
Compromised multisigs have resulted in truly incredible losses over the past year or so. First, Indian crypto exchange WazirX lost assets worth $230 million in July last year.
Three months later, DeFi protocol Radiant Capital was hit for $50 million.
Finally, in the biggest robbery in history, Bybit lost $1.5 billion to Lazarus hackers this February.
The signers are tricked into signing away control of the multisig via a spoofed front end that presents a transaction that appears completely normal. In Radiant’s case, the developer device was infected with malware, while preparation for the Bybit hack involved separately compromising the Safe{Wallet} UI.
How to solve the Lazarus problem
So far, the security community has focused on making transaction data easier to read and verify on hardware devices, including scripts written in the wake of a hack by Security Alliance’s Pascal Caversaccio.
Von Fange highlighted the immediacy of the hijacking attack vector, saying, “When the signature lands on chain from the attacker, the game is over, and that is when you find out. It could have been collected a few weeks or months ago.”
After consulting with other researchers from Optimism, Security Alliance and Origin Protocol, he put forward what is called “Revert the slam”. This gives teams a second chance before a malicious transaction takes effect.
He encourages some large teams that need this level of protection to try such workflows and prove their effectiveness.
“Smart, evil people are now controlling the computers of the project and preparing to try this one more time,” he says.
“It saves you a billion dollars.”


