Andrew MacPherson’s LABScon 2025 talk unpacks the technical realities of crypto crime, explaining how front-end wallets, developer environments, and supply-chain weaknesses have enabled roughly $9 billion in illicit funds to be stolen. He details major attack patterns including the $1.5 billion Bybit heist, developer machine compromises and production JavaScript tampering, and discusses laundering methods like cross-chain swaps and Tornado Cash. #Bybit #TornadoCash
Key points
- Crypto crime has amassed approximately $9 billion in illicit funds, driven by sophisticated attacks across the DeFi ecosystem.
- The architectural model of many crypto apps relies on frontends and browser wallet extensions, concentrating risk at the client-side interaction layer.
- Attackers target every weak point: application code, developer environments, supply chains, and high-value personnel (developers/executives).
- The largest highlighted incident is the $1.5 billion Bybit heist, which involved infecting a developer’s machine, accessing production JavaScript, and modifying it to authorize a full wallet drain during a multi-signature transaction.
- Supply-chain vectors include typo-squatting, exploitation of exposed personal servers (e.g., Plex) to compromise GitHub accounts, and commercialization of “drainers as a service.”
- Stolen funds are laundered using cross-chain swaps, mixers such as Tornado Cash, and non-KYC platforms, complicating tracking despite blockchains’ public logs.
MITRE Techniques
Indicators of Compromise
- [No specific IOCs] The write-up lists no IP addresses, file hashes, domains, or file names.