TechRisk #110: $1.5B Largest Web3 Heist
Plus, Google adds quantum-safe digital signatures to Cloud KMS, Infini breached with $50M stolen, NIST's report on Web3 security, and more!

Tech Risk Reading Picks
Google uses quantum-safe digital signatures: Google has added quantum-safe digital signatures to its Cloud Key Management Service (KMS), in preview, so customers can start migrating signing workloads before a cryptographically relevant quantum computer exists. The announcement follows Microsoft's unveiling of its "Majorana 1" quantum chip. Cloud KMS already covers key import, key exchange, encryption, decryption and signing; the new capability is specifically about signatures, using the ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) algorithms that NIST standardized in 2024. Google frames the work as preparation for "harvest now, decrypt later" attacks, but the distinction matters: that model threatens encryption and key exchange captured today, whereas the quantum risk to signatures is future forgery and tampering of long-lived signed artifacts such as firmware, documents and certificates. That is why Google stresses migrating signing keys early rather than waiting for the threat to materialize. [more]
Hacked by AI: Former Disney engineer Matthew Van Andel was compromised after unknowingly downloading a malware-laced AI tool, which led to a massive breach of Disney's Slack workspace in 2024. A group calling itself "Nullbulge" accessed and leaked private company data, including employee identities, source code and unreleased project details, citing grievances over Disney's business practices. Van Andel was also targeted personally: the attackers threatened to expose his private information unless he complied with their demands, and when he instead reported the breach to Disney, the attackers retaliated by publishing sensitive details about him and his family, leading to harassment and panic attacks. Disney later dismissed him after an internal investigation claimed he had accessed inappropriate content, an allegation he denies. His family believes the attack was opportunistic rather than ideological and praised his cooperation with authorities despite the personal risk. The breach continues to affect Van Andel, as attempts to access his private accounts persist. [more]
Beware of data poisoning in AI: Data poisoning, in which an attacker tampers with the data used to train or fine-tune a model, is emerging as a critical threat: a poisoned diagnostic model can misdiagnose disease, a poisoned chatbot can be steered toward harmful output, and a poisoned spam or phishing classifier can be taught to wave through exactly the messages the attacker intends to send. The tactic undermines trust in AI precisely where it is most sensitive: healthcare, cybersecurity and autonomous systems. The supply-chain parallel is SolarWinds: because datasets and pretrained models are shared and built upon, one poisoned upstream source propagates to every downstream system trained on it. Chief Data Officers (CDOs) are expected to own more of this risk, since securing AI requires rigorous vetting and provenance tracking of data sources. With adoption growing rapidly, poisoning attempts are inevitable, so the defence has to be proactive: pin and verify training datasets, and inspect them for anomalies before a model ever sees them. [more]
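A worked illustration of the mechanism and of two cheap pre-training checks, added here as an example (not code from the article or from any product it mentions): a small naive Bayes phishing filter is trained on a constructed corpus, then poisoned by label flipping so that the attacker's phishing text is classified as legitimate; a dataset manifest digest and a duplicate-row check catch the tampering before training. The corpus, the target text and the duplicate threshold are constructed for the example.

```python
import hashlib
import math
from collections import Counter

# Constructed toy corpus (not from the article): (text, label) pairs.
CLEAN_ROWS = [
    ("urgent verify your account password click link", "phish"),
    ("your account suspended click link to verify password", "phish"),
    ("reset password now click link urgent", "phish"),
    ("confirm your account click link", "phish"),
    ("meeting moved to tomorrow please confirm", "ham"),
    ("lunch tomorrow at noon", "ham"),
    ("please review the attached report", "ham"),
    ("thanks for the report see you tomorrow", "ham"),
]

# The lure the attacker wants the deployed filter to let through.
TARGET = "urgent verify password click link"


def train(rows):
    """Multinomial naive Bayes with Laplace smoothing; returns a small model dict."""
    word_counts = {}
    doc_counts = Counter()
    vocab = set()
    for text, label in rows:
        doc_counts[label] += 1
        wc = word_counts.setdefault(label, Counter())
        for w in text.split():
            wc[w] += 1
            vocab.add(w)
    return {"words": word_counts, "docs": doc_counts, "vocab": len(vocab)}


def classify(model, text):
    """Return the label with the highest log posterior for `text`."""
    total_docs = sum(model["docs"].values())
    best_label, best_score = None, -math.inf
    for label, wc in model["words"].items():
        score = math.log(model["docs"][label] / total_docs)
        denom = sum(wc.values()) + model["vocab"]
        for w in text.split():
            score += math.log((wc[w] + 1) / denom)   # Counter returns 0 for unseen words
        if score > best_score:
            best_label, best_score = label, score
    return best_label


def poison(rows, text, label, copies):
    """Label-flip poisoning: inject `copies` of `text` carrying the wrong `label`."""
    return rows + [(text, label)] * copies


def manifest_digest(rows):
    """SHA-256 over the canonicalised dataset. Pin this when the data is vetted and
    re-check it before every training run, so silent additions are detected."""
    h = hashlib.sha256()
    for text, label in sorted(rows):
        h.update(f"{label}\t{text}\n".encode())
    return h.hexdigest()


def suspicious_duplicates(rows, threshold=3):
    """Flag identical (text, label) rows repeated `threshold` times or more: a cheap
    tell for bulk label-flip poisoning, run before a model ever sees the data."""
    counts = Counter(rows)
    return {row: n for row, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    poisoned_rows = poison(CLEAN_ROWS, TARGET, "ham", copies=6)
    print("clean model    :", classify(train(CLEAN_ROWS), TARGET))      # phish
    print("poisoned model :", classify(train(poisoned_rows), TARGET))   # ham
    print("digest changed :", manifest_digest(CLEAN_ROWS) != manifest_digest(poisoned_rows))
    print("flagged rows   :", suspicious_duplicates(poisoned_rows))
```

Six mislabelled copies are enough to flip the verdict on a corpus this small, which is the point: the attacker never touches the model, only the data. The digest check only works if it is computed from a trusted copy and pinned outside the training pipeline; the duplicate check is a heuristic, so treat a hit as a prompt for manual review rather than as proof of an attack.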
Web3 Cryptospace Spotlight
Bybit lost $1.5B - Largest Web3 Heist: Attackers stole roughly $1.5 billion (about $1.46 billion at the time) in Ether from the cryptocurrency exchange Bybit, in what is being called the largest crypto heist ever. The theft happened during a routine transfer from Bybit's offline "cold" multisig wallet to an online "warm" wallet: the signing interface showed the signers a legitimate-looking transfer, while the payload they actually approved handed control of the cold wallet to the attacker. Investigators, including crypto sleuth ZachXBT, tracked the stolen funds as they were split across many addresses. Bybit CEO Ben Zhou confirmed the theft, said other wallets were unaffected, and stated that the exchange had sufficient liquidity to cover withdrawals. Early speculation pointed at Bybit's wallet provider, Safe, which paused some functionality. Despite the loss, Bybit said it had secured bridge loans covering 80% of the stolen funds. The attack joins a long history of major crypto heists, many of them attributed to North Korea's Lazarus Group. [more]
Bybit highlighted the integrity of its own infrastructure amid the Safe{Wallet} incident: Bybit, the world's second-largest cryptocurrency exchange, has provided an update on the forensic investigation into the incident. The review, conducted by third-party firms Verichains and Sygnia Labs, found no compromise of Bybit's own infrastructure. The attack was traced to the compromise of a Safe developer's credentials, which gave the attacker access to Safe{Wallet} infrastructure and let them deceive Bybit's signers into approving a malicious transaction. Bybit promptly moved funds out of the affected addresses and is evaluating more secure wallet solutions. [more] [more-3rd_party_reports]
North Korea-linked actors: Elliptic attributed the Bybit theft to North Korea based on the laundering pattern of the stolen funds. North Korea-linked actors have stolen over $6 billion in crypto since 2017, reportedly funding the country's missile program. The FBI later confirmed the attribution. [more]
Investigation - Summary of Bybit hack: Sygnia's investigation traced Bybit's $1.4 billion hack to Safe{Wallet}, a popular multi-signature wallet provider. The attack, attributed to North Korea's Lazarus Group, began with a compromised Safe developer machine, from which malicious JavaScript was injected into the Safe{Wallet} web application hosted in Safe's cloud infrastructure. The code activated only when Bybit's Safe was used, silently replacing the transaction the signers saw with one that handed Lazarus control of the funds. Once the malicious transaction had executed, Lazarus removed the injected code to cover its tracks. Safe{Wallet} confirmed the breach and said it had rebuilt and hardened its infrastructure. Verichains' independent investigation supported Sygnia's findings. The practical lesson for anyone operating a multisig is to verify sensitive transactions independently of the web front end that proposes them, for example by checking the decoded calldata and the EIP-712 hash on the signing device rather than trusting what the UI renders. [more]
Infini breached: The crypto industry has been hit by another attack, this time on Hong Kong-based neobank Infini, where roughly $50 million in USDC was stolen, swapped into Ether and moved to a separate wallet. The breach came days after Bybit's $1.4 billion-plus hack, which has been linked to North Korea's Lazarus Group. Infini's co-founder promised users full compensation, while Bybit has restored over $1.2 billion in Ether reserves. The incidents underline the persistent security risk in crypto, which already suffered $2.2 billion in losses across 303 hacks in 2024. [more]
Rogue employee abused privileged access: A former Infini developer used admin privileges that had never been revoked to steal $49.5 million in USDC, converting it into 17,696 ETH before transferring it out. Infini founder Christian Li assured full user compensation and said investigations are under way. The case, alongside the $1.46 billion Bybit hack, has heightened concerns over both DeFi and centralized-exchange security; the Infini lesson in particular is that offboarding must revoke contract and infrastructure roles, not just user accounts. Bybit's swift handling of its hack, processing $6.7 billion in withdrawals, reassured investors and distinguished it from FTX's collapse. Industry leaders are now debating security enhancements, rollback measures and hacker bounties to mitigate future threats. [more]
NIST’s report on Web3 security: NIST's Internal Report 8475, A Security Perspective on the Web3 Paradigm, examines the shift from the traditional client-server internet model—where organizations control user data—to a decentralized Web3 model that enables users to own, manage, and store their data while collaboratively running applications. The report provides an overview of Web3 concepts, explores relevant emerging technologies, and highlights key security and privacy concerns that must be addressed as the paradigm evolves. [more]