Apple has removed its Advanced Data Protection (ADP) feature for iCloud data in the United Kingdom following a government order demanding backdoor access to encrypted user data.

The UK government issued a technical capability notice under the Investigatory Powers Act of 2016, requiring Apple to provide access to encrypted iCloud data, which would have compromised the end-to-end encryption for users worldwide.

Apple has disabled ADP for new users in the UK and will eventually require existing users to disable it manually.

This move affects iCloud data such as photos, notes, messages, and device backups, but does not impact iMessage, FaceTime, password management, and health data, which remain end-to-end encrypted.

Apple has stated that it is "gravely disappointed" and remains committed to offering the highest level of security for users' personal data.

In a statement by Apple spokesperson Fred Sainz said the company’s Advanced Data Protection feature will no longer be available to new users and current U.K. users “will eventually need to disable this security feature.”

“We are gravely disappointed that the protections provided by ADP will not be available to our customers in the U.K. given the continuing rise of data breaches and other threats to customer privacy,” the company said. “Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before."

The UK government's demand is controversial, as it would have provided access to data from users worldwide without their knowledge or consent 

Privacy advocates and tech experts have criticized the UK government's actions, noting that the move undermines user privacy and security

Cryptocurrency exchange Bybit has revealed a $1.4 billion hack of their Ethereum cold wallet, one of the largest crypto thefts in history. The attack involved a sophisticated scheme that manipulated a planned transfer, allowing the hacker to drain the funds from the cold wallet to an unidentified address. Over $1.46 billion worth of Ethereum (ETH) and staked Ethereum (stETH) was stolen.

The hacker exploited a "masked" UI and URL, deceiving wallet signers into unknowingly approving a malicious transaction. This allowed the attacker to alter the smart contract logic and gain control of the ETH cold wallet.

"Bybit detected unauthorized activity involving one of our ETH cold wallets," the company wrote on X Friday. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.

"Our security team, alongside leading blockchain forensic experts and partners, is actively investigating the incident. Any teams with expertise in blockchain analytics and fund recovery who can assist in tracing these assets are welcome to collaborate with us.

"We want to assure our users and partners that all other Bybit cold wallets remain fully secure. All client funds are safe, and our operations continue as usual without any disruption. Transparency and security remain our top priorities, and we will provide updates asap"

A report by blockchain investigator ZachXBT provided strong evidence linking the attack to the Lazarus Group, a hacking organization linked to North Korea.

Bybit is working with blockchain forensic experts to investigate the incident and trace the assets. And it has secured around 80% of the funding needed to cover the loss through partner bridge loans.

The company's CEO Ben Zhou wrote on X, "Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss."

The CEO in a later update wrote: "Since the hack (10 hrs ago) , Bybit has experienced the most number of withdraws that we have ever seen, We have had a total number of more than 350k withdraws requests, so far, around 2100 withdraw requests left to be processed. Overall 99. 994% withdraws have been completed. If your withdraws are completed, please leave a comments here. 

"Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance), But all Bybit functions and product remain functional, the Whole team had been awake all night to process and answer client questions and concerns. ALL hands on DECK.  Rest assured, we are here with you."

The hack caused significant volatility in the cryptocurrency market, with Ethereum (ETH) experiencing a sharp dip from the $2,850 key level, declining by 6%.

The incident has raised questions about the security of non-bitcoin digital assets.