North Korea at it again

Over the weekend, blockchain security companies and experts have linked North Korea’s Lazarus hacking group to the theft of over $1.5 billion from cryptocurrency exchange Bybit.

In what is now considered the largest crypto heist in history, the attackers intercepted a planned transfer of funds from one of Bybit’s cold wallets into a hot wallet, redirecting the crypto assets to a blockchain address under their control.

“On February 21, 2025, at approximately 12:30 PM UTC, Bybit detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a routine transfer process. The transfer was part of a scheduled move of ETH from our ETH Multisig Cold Wallet to our Hot Wallet,” Bybit explained in a post-mortem published on Friday.

I could probably agree on the sophistication. That paragraph says:

“Unfortunately, the transaction was manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet. As a result, over 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address.”

How though could it restore its reserves if money was stolen?

The crypto exchange has since restored its ETH reserves, and the company’s CEO says that Bybit is solvent even if the lost assets will not be fully recovered.

I’ll give you a guess which North Korean group was named in this article.

Since the attack, crypto fraud investigator ZachXBT has discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent stolen Bybit funds to an Ethereum address previously used in the Phemex, BingX, and Poloniex hacks.

“Today when laundering funds for the Bybit Hack the Poloniex hack was also linked on-chain in consolidation address 0x15ec,” ZachXBT said. “This now shows the same entity is tied to four different hacks (Bybit, Poloniex, Phemex, BingX).”

Nice going. Really. Nice going.

Here’s more.

The researcher also said the threat actors launched and traded Pump Fun meme coins to launder the stolen cryptocurrency, with funds from the Bybit hack reaching more than 920 blockchain addresses. ZachXBT also claimed the Lazarus hackers are laundering ETH stolen from Bybit Hack using eXch (a centralized mixer) and bridging funds to Bitcoin via Chainflip.

With no surprise

Blockchain analysis company Elliptic said the Lazarus hackers have already moved the stolen funds through large numbers of cryptocurrency wallets to conceal the assets’ actual origin and slow down tracing attempts.

eXch has denied having any involvement in the stolen funds, says the article.

However, eXch has denied laundering funds stolen from Bybit, saying that “eXch is NOT laundering money for Lazarus/DPRK” and that “the insignificant portion of funds from the ByBit hack eventually entered our address [..] was an isolated case and the only part processed by our exchange, fees from which we will be donated for the public good.”

Read the article titled North Korean hackers linked to $1.5 billion ByBit crypto heist for complete details.

