Bybit Loses $1.4 Billion in Sophisticated Phishing Attack


This article is updated as new information becomes available.

Crypto exchange Bybit has confirmed a major security breach, resulting in the loss of over $1.4 billion worth of Ethereum (ETH). The incident, which targeted one of Bybit’s cold wallets, was executed through a sophisticated phishing attack.

Analysts believe that North Korea’s Lazarus Group was behind the exploit. Despite suffering the largest crypto theft in history, the Bybit exchange claims to remain solvent.

How the Hack Happened

According to Bybit’s CEO, Ben Zhou, the attackers used a “masked” transaction to deceive the exchange’s team. This involved manipulating the signing interface to display a legitimate-looking address while secretly redirecting the funds to a malicious destination. Bybit’s team unknowingly approved the transfer, allowing the attackers to take control of the cold wallet and drain it of its ETH holdings.

The stolen funds were then moved to unidentified addresses before being swapped for other tokens on decentralized exchanges, likely to make the trail harder to follow. This level of deception shows just how advanced phishing techniques have become, targeting not just users but entire companies.
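The defensive counterpart to the masked transaction described above is to decode the bytes that will actually be signed, outside the signing interface, and compare them with what the interface displayed. The following is an added example, not code from Bybit or from this article; it assumes a plain unsigned legacy (EIP-155) ETH transfer, and the function name `check_before_signing`, the addresses and the payloads are constructed for illustration.

```python
def rlp_decode(buf, pos=0):
    """Decode one RLP item starting at pos; return (item, next_pos)."""
    b = buf[pos]
    if b < 0x80:                        # a single low byte encodes itself
        return buf[pos:pos + 1], pos + 1
    is_list = b >= 0xC0
    size = b - (0xC0 if is_list else 0x80)
    start = pos + 1
    if size >= 56:                      # long form: prefix holds length-of-length
        start += size - 55
        size = int.from_bytes(buf[pos + 1:start], "big")
    end = start + size
    if end > len(buf):
        raise ValueError("truncated RLP")
    if not is_list:
        return buf[start:end], end
    items, p = [], start
    while p < end:
        item, p = rlp_decode(buf, p)
        items.append(item)
    return items, end

def check_before_signing(raw_tx, shown_to, shown_value_wei):
    """Compare the payload to be signed with what the interface displayed."""
    fields, end = rlp_decode(raw_tx)
    if end != len(raw_tx) or not isinstance(fields, list) or len(fields) != 9:
        raise ValueError("not an unsigned EIP-155 legacy transaction")
    # Field order: nonce, gasPrice, gasLimit, to, value, data, chainId, 0, 0
    to, value, data = fields[3], int.from_bytes(fields[4], "big"), fields[5]
    problems = []
    if to != bytes.fromhex(shown_to[2:]):
        problems.append("destination differs: payload pays 0x" + to.hex())
    if value != shown_value_wei:
        problems.append(f"amount differs: payload sends {value} wei")
    if data:
        problems.append("calldata present, but a plain transfer was shown")
    return problems

# Constructed sample data: two placeholder addresses and a 1 ETH transfer.
SHOWN_TO, OTHER_TO, ONE_ETH = "0x" + "11" * 20, "0x" + "22" * 20, 10**18
HEAD, TAIL = "ec808506fc23ac0082520894", "880de0b6b3a764000080018080"
HONEST = bytes.fromhex(HEAD + "11" * 20 + TAIL)    # pays the displayed address
TAMPERED = bytes.fromhex(HEAD + "22" * 20 + TAIL)  # pays a different address

if __name__ == "__main__":
    print(check_before_signing(HONEST, SHOWN_TO, ONE_ETH))
    print(check_before_signing(TAMPERED, SHOWN_TO, ONE_ETH))
```

The check only helps if it runs on a device and code path independent of the interface that rendered the transaction; otherwise the same manipulation can alter both.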

Bybit Remains Solvent

In the immediate aftermath of the hack, Bybit assured users that only one cold wallet was compromised and that all other wallets remain secure. Withdrawals continued to function normally, and the exchange emphasized its solvency, stating that user assets are 1-to-1 backed.

However, the breach triggered a wave of withdrawal requests, creating liquidity constraints. Bybit is now seeking a bridge loan to cover the loss, rather than buying Ethereum on the open market, which could further impact prices. The stolen funds account for about 1/20 of Bybit’s total assets, and the exchange maintains that it remains solvent even if the stolen ETH is not recovered.

Bybit is working with blockchain security experts to trace the stolen funds, urging other platforms to blacklist the involved addresses. Despite these efforts, the likelihood of recovering the stolen assets remains low due to the complex laundering methods used.

Official Livestream on Incident

Bybit CEO Ben Zhou hosted a livestream to explain the situation and answer user questions. He acknowledged that Bybit was experiencing “massive withdrawals” following the breach and admitted that the platform was struggling to process these requests due to liquidity constraints.

Zhou reassured users that withdrawals would be completed within “a few hours” and emphasized that there were no plans to suspend them. He also disclosed that Bybit is actively seeking a bridge loan to cover the loss, further emphasizing the platform’s solvency and commitment to user security.

Impact on Crypto

The news of the hack sent shockwaves through the cryptocurrency market. Bitcoin (BTC) initially fell by $2,000 within seconds, shaking investor confidence. Although it briefly recovered half of this loss as Bybit assured users of its solvency, BTC has since dropped even further, to near $95,000.

Ethereum (ETH) also took a hit, plunging by 5% following confirmation of the hack. After a brief recovery, ETH has fallen even lower, to near $2,650. Other cryptocurrencies mirrored this pattern, experiencing sharp declines followed by partial rebounds, only to dip again.

Data from CoinGecko showed a 46% spike in Bybit’s spot trading volume within 24 hours as users rushed to secure their funds. The surge reflects growing panic and uncertainty in the market.

North Korea’s Lazarus Group Identified

ZachXBT identified North Korea’s Lazarus Group as the party responsible for the Bybit hack. This group has been linked to several high-profile crypto hacks, including the $600 million Ronin Network exploit in 2022 and the $100 million Atomic Wallet hack in 2023.

Using on-chain data, test transactions, and forensic analysis, ZachXBT connected the Bybit hack to previous attacks orchestrated by Lazarus Group. This group is known for using advanced laundering techniques, making recovery of stolen funds extremely difficult.

This article will be updated as new information becomes available about the Bybit hack. Stay tuned!

Kevin Lee
