February 22, 2025
11 11 11 AM
Latest Post
Ether Price Spikes Further on Reports of Bybit Starting to Buy ETH SEC Drops OpenSea Investigation Easing Pressure on NFT Market Ether Supply Squeeze? Bybit Hacker Emerges as World’s 14th-Largest ETH Holder Crypto Exchanges Start to Fill Bybit’s $1.4B Hole as Hackers Move Stolen Funds Arthur Hayes Proposes Rolling Back Ethereum Network to Negate $1.4B Bybit Hack Bybit CEO Labels Pi Network a Scam, Citing Official Police Warning North Korean Hackers Were Behind Crypto’s Largest ‘Theft of All Time’ Plunging U.S. Stocks Help Add to Crypto’s Bad Day U.S. Marshals Service Can’t Say How Much Crypto It Holds, Complicating Bitcoin Reserve Plan CZ Suggests Bybit Halt Withdrawals, Offers Help With $1.5B Hack

North Korean Hackers Were Behind Crypto’s Largest ‘Theft of All Time’

Blockchain analytics firm Arkham Intelligence said North Korea’s Lazarus Group was behind Bybit’s $1.46 billion hack.

In an earlier post on social media platform X, Arkham offered a bounty of 50,000 ARKM tokens for anyone who could identify the attackers for Friday’s hack. Later, the platform said onchain sleuth ZachXBT submitted “definitive proof” that the attackers were the North Korean hacker group.

“His submission included a detailed analysis of test transactions and connected wallets used ahead of the exploit, as well as multiple forensics graphs and timing analyses,” the post said.

Read more: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms

The hack that rocked the crypto market and saw most prices tumbling was called the “largest crypto theft of all time, by some margin,” by Elliptic’s Tom Robinson, co-founder and chief scientist. “The next largest crypto theft would be the $611 million stolen from Poly Network in 2021. In fact it may even be the largest single theft of all time.”

Blockchain data provider Nansen told CoinDesk that the attackers first withdrew nearly $1.5 billion worth of funds from the exchange into a main wallet and then spread the funds across several others.

“Initially, the stolen funds were transferred to a primary wallet, which then distributed them across more than 40 wallets,” Nansen said. “The attackers converted all stETH, cmETH, and mETH to ETH before systematically transferring ETH in $27 million increments to over 10 additional wallets,” Nansen said.

The attack appeared to have been caused by something called “Blind Signing,” where a smart contract transaction is approved without the comprehensive knowledge of its contents.

“This attack vector is quickly becoming the favorite form of cyber attack used by advanced threat actors, including North Korea,” said blockchain security firm Blockaid’s CEO Ido Ben Natan. “It’s the same type of attack that was used in the Radiant Capital breach and the WazirX incident.”

“The problem is that even with the best key management solutions, today most of the signing process is delegated to software interfaces that interact with dApps. This creates a critical vulnerability — it opens the door for malicious manipulation of the signing process, which is exactly what happened in this attack,” he said.

Bybit CEO Ben Zhou wrote earlier on X that a hacker “took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.” He also confirmed that the exchange “is solvent even if this hack loss is not recovered.”

Oliver Knight contributed to the reporting of this story
Read more: Bitcoin, Ether Slump as Crypto Prices Dip on Report of Massive $1.5B Bybit Hack

This post was originally published on this site