According to Foresight News, the Taiwanese cryptocurrency exchange BitoPro released an attack report. After analyzing the attack method, it was found that the attack was carried out by North Korea's Lazarus Group. The hackers used social engineering to implant a Trojan into computers, then hijacked the AWS Session Token to bypass authentication and inject malicious scripts into the hot wallet host.
As previously reported by Foresight News, the Taiwanese cryptocurrency exchange BitoPro was hacked on May 8th, with losses of approximately $11.5 million. The stolen funds were subsequently deposited into Tornado Cash or converted to Bitcoin through THORChain and then deposited into Wasabi.
