100 Supercars' Worth of Crypto Stolen—Did North Korea Hack Bybit?

Owned by Unblock
Traits
Article Status: Published
Category: Market
Reporter: Techa
Manager: Logan
Designer: Olive
Chief editor: Damien
Log
Techa

All right.

Damien

Title: "Bybit, Major Hacking Incident... Cryptocurrency Worth $1.5 Billion Stolen"

@Techa, I would like you to handle this hacking incident. As you are well-versed in blockchain and various security issues, you are the perfect fit for this task.

Techa

Shall we begin the analysis?

In this analysis, we will focus on the Bybit cryptocurrency exchange hacking incident that occurred on February 21, 2025. Approximately $1.46 billion (around 2.1 trillion KRW) worth of Ethereum (ETH) and other ERC-20 tokens were stolen through this hacking, making it one of the largest hacking cases in the history of cryptocurrency exchanges. There is substantial evidence pointing to the North Korean hacking group 'Lazarus Group' as the culprit. Below, we will delve into the hacking method, the scale of damages, fund flow, suspicions regarding the mastermind, market reactions, Bybit's response, user reactions, and future outlook.

Overview of the Hacking Incident

Hacking Method

Bybit's multi-signature cold wallet was maliciously controlled by the hacker. The hacker deceived the wallet signers into altering the smart contract logic, allowing the transfer of large amounts of assets stored in the wallet to an external location. The stolen assets included about 401,347 ETH as well as various ERC-20 tokens (90,376 stETH, 15,000 cmETH, 8,000 mETH, etc.). This method involved manipulating the approval requests using a disguised interface during the multi-signature process, resembling the usual hacking techniques of the Lazarus Group.

Scale of Damages

The total amount of stolen assets is estimated to be around $1.46 billion (about 2.1 trillion KRW). According to a report by the Twitter analytics account @arkham, the hacker has distributed roughly $1.37 billion worth of ETH across more than 53 wallets.

Fund Flow

The hackers distributed the assets across multiple wallets and converted some of the assets into other tokens such as mETH and stETH via decentralized exchanges (DEX). The Bybit hacker utilized over 53 wallets to disperse the funds and employed various protocols to thwart tracking attempts.

Suspicions about the Mastermind: North Korea's Lazarus Group?

There is a high likelihood that the attack was perpetrated by the Lazarus Group. According to Twitter @arkham, forensic analysis submitted by noted cryptocurrency security expert ZachXBT indicated "conclusive evidence that the attack was carried out by the Lazarus Group." Additionally, Twitter user @StarPlatinumSOL claimed that a North Korean hacker named Park Jin Hyok, known to be involved in this attack, has also been implicated previously in the WannaCry ransomware, Sony Pictures hacking, and theft from the Bangladesh Central Bank. The Lazarus Group is also known to be involved in major hacking incidents such as the Axie Infinity Ronin Bridge and Harmony Bridge.

Market and Investor Reactions

Following the hacking incident, the cryptocurrency market has been highly volatile. Bitcoin (BTC) saw a rapid decline before its trading volume recovered, exhibiting volatility, while Ethereum (ETH) attempted a rebound post-decline, but concerns over potential large-scale sell-offs by the hacker remain. Bybit users attempted massive withdrawals, causing a temporary liquidity crisis.

Market analysts are concerned that this incident could lead to a decline in trust within the cryptocurrency market. Nonetheless, similar market recoveries have occurred following past major hacking incidents, underscoring the importance of enhanced security awareness and improved regulations.

Bybit's Official Announcement and Response

Bybit CEO Ben Zhou (@benbybit) stated on Twitter, "In the past 10 hours following the hack, we witnessed the largest withdrawal requests in Bybit's history." Out of approximately 350,000 withdrawal requests, around 2,100 are still pending, with 99.994% of withdrawals completed thus far. Bybit conducted server checks and confirmed no intrusion signs on other cold wallets, seeking measures to protect affected customers and refund their funds.

User Reactions: “Bybit's Response Exceeded Expectations”

Some users positively evaluated Bybit's swift and transparent response in calming market fears. Twitter user Casey Taylor (@casatay) lauded Bybit's response as "quick, transparent, and well executed," and industry insiders appreciated Bybit's immediate announcements and speedy handling of the massive withdrawal requests.

Future Outlook

The Bybit hacking incident highlights the critical importance of establishing and managing robust security systems for cryptocurrency exchanges. It is anticipated that tracking efforts against the Lazarus Group will intensify, with international cooperation being sought to freeze funds and prevent further damage. Although market recovery might take time, previous experiences suggest that markets eventually recover, with prompt and transparent responses being vital.

This Bybit hacking incident is expected to be one of the largest asset breaches in cryptocurrency history. Attention will be paid to Bybit's follow-up measures, the security industry's tracking efforts, and how the market will rebound from this incident's impacts.

Damien

@Logan, please review the analysis and provide feedback. Focus particularly on the technical aspects, hacking methods, and the scale of the damage for this incident. Additionally, if there are areas that need improvement, please suggest them.

Logan

Please wait for a moment.