Key Points
- Exchanges including Binance, Bitget, Huobi, and others transferred tens of thousands of ETH to Bybit.
- Arkham cited data from on-chain investigator ZachXBT proving the attack was performed by Lazarus Group.
On February 21, the crypto exchange Bybit suffered the biggest hack in its history. Following a security breach of the exchange’s multi-signature cold wallet, almost $1.5 billion in ETH and stETH was moved to previously unknown addresses.
Meanwhile, Arkham reported that on-chain investigator ZachXBT submitted definitive proof showing that the Bybit attack was performed by Lazarus, a North Korean hacking group.
Since the hack, multiple crypto exchanges have supported Bybit by sending considerable amounts of ETH to its cold wallets.
Crypto Leaders Are Actively Sending ETH to Bybit
New reports revealed that crypto leaders are actively sending ETH to Bybit to support the exchange’s liquidity. Huobi co-founder Du Jun deposited 10,000 ETH worth over $27.3 million to the exchange, saying he would not withdraw it for a month.
Earlier, over 86,000 ETH worth over $230 million was sent to Bybit’s cold wallet from Binance and Bitget wallets. Bitget’s CEO, Gracy Chen, publicly expressed the team’s support in helping Bybit with its ongoing investigation.
Meanwhile, Arkham revealed definitive proof that the attack on Bybit was performed by the Lazarus Group.
Lazarus Group Behind Bybit’s $1.5 Billion Hack
In an earlier post via X, Arkham revealed that on-chain investigator ZachXBT had submitted definitive proof that the attack on Bybit was performed by the North Korean Lazarus Group.
His submission included a detailed analysis of test transactions and connected wallets ahead of the exploit, along with multiple forensics graphics and timing analysis.
Arkham said that the $1 billion hack bounty was eventually solved by ZachXBT. This bounty was created by Arkham to help identify the person or group behind Bybit’s hack.

A Web3 researcher known as Pix on X, also a Bubblemaps ambassador, shared a thread detailing the moves made by the state-backed North Korean hacking group. He explained that the group has previously stolen billions from banks, crypto exchanges, and DeFi protocols and has now pulled off the biggest crypto heist in history.

He also said that in previous attacks, Lazarus had used:
- Bridging to other blockchains
- On-chain mixing services
- OTC trading via illicit brokers
Bybit’s $1.5 Billion Hack, Explained
Yesterday, hackers stole almost $1.5 billion in ETH and stETH from Bybit’s cold wallet by manipulating a security transaction. The stolen funds were moved across multiple wallets and sold on DEXs.
Bybit’s CEO, Ben Zhou, explained that the exchange’s ETH multisig cold wallet made a transfer to the warm wallet and that the transaction appeared to have been masked. All the signers saw the masked UI, which showed the correct address, and the URL was from Safe, the largest smart account ecosystem on the EVM.
The signing message was reportedly to change the smart contract logic of Bybit’s ETH cold wallet, and this resulted in the hacker taking control of the specific wallet.
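The gap described above, between the address the signers saw in the UI and what the signing message actually did, is what an independent pre-signing check is meant to catch. The following is an added example, not code from Bybit, Safe or this article: the `to`/`value`/`data`/`operation` fields and the Call/DelegateCall values follow Safe's transaction format, while the addresses, the allowlist and the assumption that the payload is decoded on a path independent of the web UI are constructed for illustration.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1  # Safe's Enum.Operation values


@dataclass(frozen=True)
class SafeTx:
    to: str         # target address
    value: int      # wei sent with the call
    data: bytes     # calldata
    operation: int  # CALL or DELEGATECALL


def review(displayed: SafeTx, payload: SafeTx, allowed_targets: set) -> list:
    """Compare what the UI showed with the payload about to be signed.

    Assumption: `payload` was decoded independently of the web UI
    (for example from the request that reaches the signing device).
    """
    findings = []
    for name in ("to", "value", "data", "operation"):
        shown, actual = getattr(displayed, name), getattr(payload, name)
        if name == "to":  # addresses are case-insensitive hex
            shown, actual = shown.lower(), actual.lower()
        if shown != actual:
            findings.append(f"mismatch:{name}")
    # A delegatecall runs the target's code against the wallet's own storage,
    # so it can change the wallet's logic; a routine transfer never needs it.
    if payload.operation == DELEGATECALL:
        findings.append("delegatecall")
    if payload.to.lower() not in {a.lower() for a in allowed_targets}:
        findings.append("target-not-allowlisted")
    return findings


# Constructed sample values, not addresses from the incident.
WARM_WALLET = "0x" + "11" * 20
UNKNOWN_CONTRACT = "0x" + "22" * 20
ALLOWED = {WARM_WALLET}

shown_in_ui = SafeTx(WARM_WALLET, 10**18, b"", CALL)
to_be_signed = SafeTx(UNKNOWN_CONTRACT, 0, bytes.fromhex("deadbeef"), DELEGATECALL)

if __name__ == "__main__":
    print(review(shown_in_ui, shown_in_ui, ALLOWED))   # routine transfer
    print(review(shown_in_ui, to_be_signed, ALLOWED))  # signer should refuse
```

Any non-empty result is a reason to stop before signing; the check is only as trustworthy as the path that delivers `payload`, which must not pass through the same interface that rendered the displayed values.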

After gaining control of the wallet, the hackers began moving and selling funds.
Bybit’s Response and Security Investigation
Following the hack, Bybit confirmed that all the other cold wallets remained secure and that the platform’s operations, including withdrawals, worked normally.
Earlier today, Zhou said that over 12 hours after the worst hack in history, all withdrawals had eventually been processed.
He also said that Bybit will come out with a full report about the incident during the next few days.
After asking industry members to support the exchange in its investigation, earlier today, Bybit said that it would release a bounty program soon to whoever helps the exchange block and trace the stolen funds.
Meanwhile, Zhou revealed that some funds were being moved to Chainflip.io as a bridge to convert to BTC and asked bridges to help by blocking and preventing further conversion to other chains.
Huge Support From the Crypto Industry
A few hours ago, Bybit shared a post via X, thanking the entire crypto industry and community for all the support they received following the security incident on February 21.
The exchange highlighted that all these efforts mirrored the way in which crypto stuck together and solved the issue. These collective efforts show that the crypto industry has matured and grown and can organize itself.

Over the past 12 hours, Bybit supporters have offered help by:
- Borrowing ETH to facilitate withdrawals
- Increasing liquidity for USDT and USDC
Bybit mentioned in a post via X that one of the most brilliant tech experts dedicated hours to identify the root cause and provided the exchange with the first investigation report.
The COO of Bybit, Helen Liu, said that, just like him, many partners stepped up, proving that when the crypto industry is challenged, members come together to fight for it.
Currently, Bybit’s liquidity has been restored and no more support is reportedly needed.
Together with the crypto industry, Bybit overcame the biggest hack in its history.
It’s also worth noting that the exchange kept its promise and officially revealed all liquidation data for increased transparency and user trust in the ecosystem.