
Bybit, Phemex Hacks Linked to Lazarus Group’s Cyber Crimes

  • Lazarus Group is linked to the Bybit and Phemex hacks, laundering $1.4B and $29M respectively.
  • Bybit’s $1.4B loss marks the largest crypto theft in history, raising security concerns.
  • ZachXBT confirmed the Lazarus Group connection to the Bybit hack, citing on-chain evidence.

Cryptocurrency exchange Bybit fell victim to a major security breach that resulted in what researchers called the largest crypto heist ever, with stolen assets worth over $1.4 billion, including stETH, mETH and other ERC-20 tokens. Despite the exchange’s security controls, the North Korean state-backed Lazarus Group gained unauthorized access and stole funds exceeding $1.4 billion.

Blockchain security analysts attributed the cyberattack to Lazarus Group, which used attack methods identical to those seen in previous incidents. Recent findings indicate that Lazarus Group stole $1.4 billion from Bybit and $29 million from Phemex in separate cryptocurrency attacks. After Bybit’s response to the incident, the industry stabilized the situation and maintained liquidity through several exchange loans totaling $172.5 million.

Bybit Hack Details and the Role of Lazarus Group

The Bybit hack involved a highly coordinated attack on the exchange’s Ethereum cold wallet, which is generally considered secure because it is kept offline. However, the attackers exploited a blind signing weakness: the wallet signers approved a transaction whose displayed intent did not match what the transaction bytes actually did. This allowed the attacker to alter the wallet’s smart contract logic and drain a significant portion of the funds.

ZachXBT led a group of blockchain investigators who established Lazarus Group’s involvement based on the group’s established playbook of social engineering and smart contract exploitation. The attack is attributed to state-sponsored actors operating under the Lazarus Group name, the same group that carried out the $620 million Ronin Network heist in 2022.

Source: ZachXBT

Industry Reaction and Immediate Measures Taken

Users rushed to withdraw assets from Bybit after the breach, creating a situation resembling a “bank run” as they tried to protect their funds. Following the hack, Bybit secured a $172.5 million bridge loan from other exchanges, including Bitget, Binance and MEXC. The loan covered 80% of the stolen Ethereum assets, maintaining platform liquidity and preventing further market instability. Bybit also reported that its other cold wallets remained intact and that it had begun working with blockchain forensic experts to trace the stolen assets.

Other exchanges, including Bitget, stepped in as well. Bitget moved 40,000 ETH of its own reserves to Bybit to stabilize liquidity and safeguard user funds, and it blacklisted wallets associated with the hack to block further illicit transactions. This swift inter-exchange cooperation shows that the crypto community recognizes the importance of maintaining trust and stability after such a high-profile attack.

The scale and sophistication of the Bybit hack highlight ongoing vulnerabilities in cryptocurrency exchanges. After the Bybit breach, the industry moved to strengthen its security protocols, with blockchain security firms such as Cyvers focusing on future prevention.

Off-chain transaction validation is one potential solution: proposed transactions are decoded and simulated in a controlled environment before execution, so that a signer sees the real effect of the bytes rather than a label, which blunts social engineering and similar exploits. The attacks have prompted Bybit and other exchanges to enhance their security systems and hire forensic specialists to locate the funds.
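The blind signing weakness described above and the pre-execution validation this paragraph proposes can be illustrated with a pre-signing policy check. This is an added example, not code from Bybit, Cyvers or any wallet vendor; it assumes a multisig transaction layout with to/value/data/operation fields (operation 1 being a DELEGATECALL that runs foreign code in the wallet’s own context, as in Safe-style wallets), and all addresses, amounts and calldata are constructed sample values.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1
TRANSFER_SELECTOR = "a9059cbb"  # first 4 bytes of keccak256("transfer(address,uint256)")
TOKEN = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"      # constructed allow-listed token address
RECIPIENT = "0x1111111111111111111111111111111111111111"  # constructed payout address

@dataclass
class ProposedTx:
    to: str               # contract the wallet will call
    value: int            # wei attached to the call
    data: str             # hex calldata without 0x prefix
    operation: int        # CALL, or DELEGATECALL (runs foreign code in the wallet's context)
    shown_recipient: str  # what the signing UI displayed to the approver
    shown_amount: int

def decode_transfer(data: str):
    """Return (recipient, amount) for a plain ERC-20 transfer call, else None."""
    if len(data) != 8 + 64 + 64 or data[:8] != TRANSFER_SELECTOR:
        return None
    recipient = "0x" + data[8 + 24:8 + 64]  # address is the low 20 bytes of the padded word
    amount = int(data[8 + 64:], 16)
    return recipient.lower(), amount

def check_before_signing(tx: ProposedTx, allowed_tokens: set) -> list:
    """Return reasons to refuse; an empty list means the displayed intent matches the bytes."""
    problems = []
    if tx.operation != CALL:
        problems.append("delegatecall would let foreign code rewrite the wallet's logic")
    if tx.to.lower() not in allowed_tokens:
        problems.append(f"target {tx.to} is not an allow-listed token contract")
    decoded = decode_transfer(tx.data)
    if decoded is None:
        problems.append("calldata is not a plain ERC-20 transfer; refuse to sign blind")
    else:
        recipient, amount = decoded
        if recipient != tx.shown_recipient.lower():
            problems.append(f"calldata pays {recipient}, UI showed {tx.shown_recipient}")
        if amount != tx.shown_amount:
            problems.append(f"calldata moves {amount}, UI showed {tx.shown_amount}")
    return problems

def sample_transactions():
    """Constructed inputs: an honest transfer, and a proposal whose bytes differ from its display."""
    honest_data = TRANSFER_SELECTOR + RECIPIENT[2:].rjust(64, "0") + format(1000, "x").rjust(64, "0")
    honest = ProposedTx(TOKEN, 0, honest_data, CALL, RECIPIENT, 1000)
    disguised = ProposedTx("0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", 0, "deadbeef", DELEGATECALL, RECIPIENT, 1000)
    return honest, disguised
```

The honest proposal passes, while the disguised one is refused on three independent grounds; the check is deliberately conservative, so anything it cannot decode is treated as unsafe to sign.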
