Security Conversations
03.01.2025 | 1:53''22'
Lazarus ByBit $1.4B heist was supply chain attack on developer
About the episode
Three Buddy Problem – Episode 36: Ryan and Juanito join the show from the RE//verse conference with discussion on Natalie Silvanovich’s keynote on hunting for bugs in mobile messengers, the thrill of looking at exposed attack surfaces and the grueling “losses” bug hunters endure before a breakthrough.
We also cover the latest on the $1.4 billion ByBit hack pinned on the Lazarus Group and the malicious JavaScript supply chain attack at the center of the cryptocurrency heist. Plus, the ethical gray zones of tethered exploits via Cellebrite, the whiplash of AI-driven threat intel, and the looming pivot in U.S. cyber policy signaling a stand-down on Russia-focused ops.
Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.
Links:
- Transcript (unedited, AI-generated)
- RE//verse Conference
- FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge
- FBI alert on $1.5b crypto heist
- CISA report on TraderTraitor
- Bybit launches bug bounty program
- Lazarus Bounty
- Cellebrite zero-day exploit used to target phone of Serbian student activist
- Trump administration retreats in fight against Russian cyber threats
- Hegseth orders Cyber Command to stand down on Russia planning