The recent cyberattack on the centralized cryptocurrency exchange Bybit, resulting in the theft of over $1.4 billion USD worth of ETH, perpetrated by a known hacking group, has become the largest recorded cryptocurrency heist in history.
Details of the Cyberattack
On February 21st, the cryptocurrency market was once again destabilized by news of a security breach on the Bybit exchange.
The perpetrators were identified by on-chain analyst ZachXBT, in conjunction with investigations from various entities including Arkham Intelligence, as the North Korean state-sponsored hacking group, Lazarus Group.
BREAKING: BYBIT $1 BILLION HACK BOUNTY SOLVED BY ZACHXBT
At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was carried out by the LAZARUS GROUP.
His submission included a detailed analysis of test transactions and connected wallets used ahead of… https://t.co/O43qD2CM2U pic.twitter.com/jtQPtXl0C5
— Arkham (@arkham) February 21, 2025
The initial detection of the incident stemmed from the on-chain analysis conducted by ZachXBT, who identified suspicious outflows of $ETH and $STETH from the Bybit exchange. Someone subsequently transferred these funds to a Safe wallet. The perpetrators proceeded to swap the entirety of these tokens for ETH.
The Safe wallet address used for the swap to ETH, prior to the distribution of funds across multiple other wallets, is: 0xa4b2fd68593b6f34e51cb9edb66e71c1b4ab449e
After tracing these transactions, Bybit, alongside other centralized exchanges and various protocols, flagged and blacklisted the implicated addresses to prevent the liquidation of the illicit assets on the open market.
Source: DeBank
Bybit response
Ben Zhou, CEO of Bybit, recently issued a statement reassuring the community that the exchange's hot wallets remain secure, while attackers compromised only the cold wallets. The cause of this incident lies in the manipulation of signature messages, which altered the smart contract logic of the ETH wallets. Consequently, the attackers gained control of the ETH cold wallets and transferred all ETH holdings to external addresses. Zhou further emphasized that all other wallets, excluding the affected ETH cold wallets, remain secure.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was masked, all the signers saw the masked UI which showed the correct address and the URL was from @secure . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
Bybit gradually brought everything under control, and Ben Zhou himself announced that withdrawal transactions at Bybit had reopened as normal.
