The hack was similar to the WazirX incident last year, where the hackers were able to compromise the exchange’s Safe multisig wallet. In order to execute this exploit, you would probably have to compromise several devices. We have heard about how North Korean hackers have been unknowingly hired by crypto companies and this could be a way that they are able to gain access to their infrastructure.
The thing about multisig on Ethereum is that it is smart contract based, so you don’t necessarily have to steal a set of private keys directly to drain a wallet’s funds, you can instead trick the wallet co-signers into signing a malicious payload that transfers ownership of the wallet to an attacker.
So bad we are experiencing so much vulnerability in the cryptocurrency space, and a wake-up call that only we can be our security, so long as you have connected your wallet to a smart contract there is some unknown access that the other parties have over that wallet and is as bad as having access to shift funds without the other parties approvals, so crypto holder need to be smarter and be their coin holder never trust any third party with your main asset wallet and to avoid storing large coins and assets on an exchange, this North Korea hacker seems to have access to a lot of things that most cryptocurrency exchanges may not have controls over and as long as the group remains they will continue to be a threat to the cryptocurrency industry most especially exchange and other services providers.
