The Heist: Chasing an Advanced Crypto Attacker Across the Multi-cloud
Yotam Meitar
BSidesSF 2026 · Day 1 · AMC IMAX
Yotam Meitar, Director of Incident Response at Wiz, delivered a compelling talk at BSides SF detailing a sophisticated, multi-stage cyber heist that targeted a large cryptocurrency exchange. The presentation dissected a real-world incident response effort, tracing the attacker's intricate path across numerous cloud services and on-premises infrastructure. Drawing on a decade of experience in incident response and a prior background in offensive cyber operations, Meitar showed how a seemingly straightforward $18 million theft escalated into a much larger, multi-month campaign totaling $107 million, orchestrated by a patient and technically adept adversary.
AI review
A well-constructed real-world IR war story that earns its runtime: eight months of attacker patience, three help desk social engineering chains, GitHub Actions secret exfiltration, and cloud-native SSM abuse all stitched together into a coherent kill chain. Not groundbreaking research, but it's the kind of honest, granular incident narrative the field needs more of and rarely gets.