A DPRK-linked hacking group is behind the billion-dollar Bybit crypto theft.
Security researchers have uncovered the culprits of a cryptocurrency heist that saw the cyber thieves walk away with US$1.5 billion in Ethereum.
According to blockchain investigator ZachXBT, backed up by researchers at blockchain analysis outfit Arkham Intelligence, the criminals behind the robbery of the Bybit cryptocurrency exchange – the world’s second-largest exchange – were none other than the North Korean-backed advanced persistent threat, the Lazarus Group.
“At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP,” an Arkham spokesperson said in a 22 February post on social media platform X.
“His submission included a detailed analysis of test transactions and connected wallets used ahead of the exploit, as well as multiple forensics graphs and timing analyses.
“The submission has been shared with the Bybit team in support of their investigation. We wish them all the best.”
Later the same day, ZachXBT added that he had found a common link between the Bybit theft and two other recent hacks by the North Korean APT.
“Lazarus Group just linked an address tied to the BingX hack to this same cluster a few minutes ago which now connects the Bybit, BingX, & Phemex hacks on-chain,” ZachXBT said.
Bybit revealed it had been the victim of a cyber incident on 22 February and that “unauthorised activity within one of our Ethereum Cold Wallets” had been detected the day before.
“The transfer was part of a scheduled move of ETH from our ETH Multisig Cold Wallet to our Hot Wallet,” Bybit said.
“Unfortunately, the transaction was manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet. As a result, over 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address.”
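The attack Bybit describes turned a routine cold-to-hot transfer into something else by altering contract logic and masking what the signers saw. The practical defence is to verify the raw fields of a multisig proposal independently of the front-end before signing. The following is an added example, not code from the article, Bybit or any wallet vendor: it assumes a multisig transaction described by four fields (to, value, data, operation, with 0 = CALL and 1 = DELEGATECALL), and the addresses, JSON wire format and sample proposals are constructed for illustration.

```python
"""Pre-signing sanity check for a multisig cold-wallet ETH transfer proposal.

Added example (not from the article or Bybit). A scheduled move of ETH to a hot
wallet should be a plain value transfer: CALL, empty calldata, allow-listed
destination, bounded amount. Anything else is refused regardless of what the
signing UI displays. Field names and sample data are constructed assumptions.
"""
from dataclasses import dataclass
import json

# Operation encoding assumed here: 0 = CALL, 1 = DELEGATECALL.
CALL, DELEGATECALL = 0, 1

# Well-known ERC-20 function selectors (first 4 bytes of keccak256 of the signature).
KNOWN_SELECTORS = {
    "a9059cbb": "transfer(address,uint256)",
    "095ea7b3": "approve(address,uint256)",
}


@dataclass(frozen=True)
class Proposal:
    to: str          # destination address, hex string
    value_wei: int   # ETH amount in wei
    data: bytes      # calldata; empty for a plain ETH transfer
    operation: int   # CALL or DELEGATECALL


def parse_proposal(raw: str) -> Proposal:
    """Parse a JSON proposal (constructed format) with hex-encoded calldata."""
    obj = json.loads(raw)
    data_hex = obj.get("data", "0x")
    if data_hex.startswith("0x"):
        data_hex = data_hex[2:]
    return Proposal(
        to=obj["to"],
        value_wei=int(obj["value"]),
        data=bytes.fromhex(data_hex),
        operation=int(obj.get("operation", CALL)),
    )


def describe_calldata(data: bytes) -> str:
    """Name the function a calldata blob would invoke, if the selector is known."""
    if not data:
        return "no calldata"
    sel = data[:4].hex()
    name = KNOWN_SELECTORS.get(sel, "unknown selector 0x" + sel)
    return f"calls {name} ({len(data)} bytes)"


def refusal_reasons(p: Proposal, hot_wallets: set[str], max_wei: int) -> list[str]:
    """Return every reason not to sign; an empty list means the proposal is a plain transfer."""
    reasons = []
    if p.operation != CALL:
        reasons.append("operation is not CALL: a delegatecall runs foreign code in the "
                       "wallet's own storage context and can replace its logic")
    if p.data:
        reasons.append(f"unexpected calldata: {describe_calldata(p.data)}; "
                       "a plain ETH transfer carries none")
    if p.to.lower() not in {h.lower() for h in hot_wallets}:
        reasons.append(f"destination {p.to} is not an allow-listed hot wallet")
    if p.value_wei > max_wei:
        reasons.append(f"value {p.value_wei} wei exceeds the per-transfer limit of {max_wei} wei")
    return reasons


# Constructed sample data (addresses are placeholders, not real wallets).
HOT_WALLET = "0x000000000000000000000000000000000000beef"
MAX_WEI = 10**24  # 1,000,000 ETH per transfer

# The transfer the signers expect: 1,000 ETH, no calldata, plain CALL.
LEGIT = json.dumps({"to": HOT_WALLET, "value": str(1000 * 10**18),
                    "data": "0x", "operation": CALL})

# A proposal that would look like a transfer in a masked UI but is not:
# zero value, a contract call, executed as DELEGATECALL against an unknown address.
SUSPECT = json.dumps({"to": "0x000000000000000000000000000000000000bad0", "value": "0",
                      "data": "0xa9059cbb" + "00" * 64, "operation": DELEGATECALL})

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("suspect", SUSPECT)):
        problems = refusal_reasons(parse_proposal(raw), {HOT_WALLET}, MAX_WEI)
        print(label, "-> SIGN" if not problems else "-> REFUSE")
        for reason in problems:
            print("  -", reason)
```

The check deliberately reads the fields that will actually be signed and executed rather than any rendered summary; in practice each signer should recompute these from the raw payload shown on their hardware device, so that a compromised front-end cannot substitute a different transaction behind a familiar-looking screen.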
Bybit immediately confirmed that all other cold wallets were secure and that withdrawals had not been halted. The company also said its crypto reserves remain healthy and were 1:1 backed, meaning any loss can be covered.
Bybit was soon able to announce that, as of February 2025, $42.89 million in assets had already been frozen as part of a “rapid, coordinated action with leading crypto institutions”.
“Bybit is pleased to share significant progress in asset recovery and the implementation of enhanced security measures,” Bybit said.
“Our commitment to transparency, security, and the protection of our users remains our highest priority.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.