100 Supercars' Worth of Crypto Stolen—Did North Korea Hack Bybit?

- On February 21, 2025, a hack on Bybit resulted in the theft of approximately $1.46 billion worth of Ethereum and ERC-20 tokens. -North Korea's Lazarus Group was behind the attack, exploiting smart contract vulnerabilities and targeting multisignature wallets. [Unblock Media] On February 21, 2025, the global cryptocurrency exchange Bybit suffered a large-scale hacking attack, resulting in the theft of approximately $1.46 billion worth of Ethereum and other ERC-20 tokens. This incident is expected to be recorded as one of the largest hacks in cryptocurrency exchange history. According to forensic analysis by security expert ZachXBT, definitive evidence has emerged linking the attack to the Lazarus Group. The hackers employed sophisticated attack methods exploiting vulnerabilities in smart contracts, targeting Bybit's multisignature wallet. The hackers used the vulnerability in smart contracts and the multisignature wallet to steal assets, demonstrating sophisticated techniques believed to be employed by the Lazarus Group. Attackers induced asset transfers by manipulating smart contract logic and primarily targeted Bybit's Ethereum multisignature cold wallet. Specifically, they manipulated the transaction signing interface to trick signers into authorizing malicious transactions, then altered the internal logic of the multisignature wallet's smart contract. This process set the asset transfers to be redirected to wallets specified by the hackers, making it appear as normal transactions and therefore difficult to trace. According to the cryptocurrency analysis account Arkham, the stolen assets were transferred to multiple hacker wallets. They revealed that approximately $1.37 billion worth of Ethereum stolen by the hackers is currently distributed across more than 53 wallets. Some of these assets may have been converted into Ethereum alternative tokens through decentralized exchanges. StarPlatinumSOL, an ambassador for the Ronin Network, claimed that Park Jin Hyok, a hacker affiliated with North Korea, was involved in this attack. Following the Bybit hacking incident, the price of Ethereum dropped, and the volatility of the cryptocurrency market increased. Ethereum's price plunged about 4%, from $2,850 to $2,680, upon the news of the hack. Bitcoin also fell alongside Ethereum, leading to a drop of approximately 0.80% in the total cryptocurrency market capitalization. Additionally, market instability surged, and 24-hour trading volumes spiked from 60% to 82%, as there was speculation that the stolen assets might be sold off in large volumes. This led some investors to move their assets to decentralized wallets or other exchanges amidst the growing uncertainty. Bybit's quick emergency response and customer protection measures have drawn attention. Bybit CEO Ben Zhou continuously shared the response strategy via his account on X (Twitter) and issued official statements post-hack. He said, "In the ten hours post-hack, Bybit witnessed the largest withdrawal requests in its history," and proclaimed, "So far, 99.994% of withdrawals have been processed successfully, with all Bybit functions and products operating normally." Bybit conducted urgent server checks to prevent further damage and confirmed no breaches in other cold wallets. They are also working on plans for customer asset protection and reimbursement. However, Bybit's swift and transparent response has mitigated the market impact and prevented significant user exodus, earning it positive evaluations. Casey Taylor, Dragonfly's support lead for crypto ventures, commended Bybit's timely and transparent actions, suggesting that their response was well-prepared rather than merely reactive. Other experts also praised the immediate notifications, rapid processing of large withdrawal requests, and CEO Zhou’s real-time communication for minimizing damage and user desertion. This incident underscores the increasing importance of enhancing security technologies for cryptocurrency exchanges. There is a growing call for thorough analysis of security vulnerabilities in multisignature wallets and smart contracts and the implementation of more sophisticated security systems. Additionally, there is a push for international cooperation and funding tracking efforts against hacking organizations like the Lazarus Group from North Korea. Restoring market confidence remains a critical challenge, and Bybit will need ongoing and transparent communication to rebuild user trust. The Bybit hack will stand as a representative case of sophisticated attacks exploiting vulnerabilities in smart contracts and multisignature wallets. The cryptocurrency industry must develop more robust security protocols and real-time threat detection systems. Strengthened security awareness among cryptocurrency exchanges and international cooperation to thwart hacking organizations are key to enhancing overall industry stability.