An estimated $1.5 billion worth of digital assets were compromised by Bybit, a significant cryptocurrency exchange, in what is considered to be the biggest cryptocurrency theft in history.
Bybit’s cold wallet, an offline storage solution intended for security, was compromised by the hack. Mostly in ether, the stolen money was swiftly moved between several wallets and liquidated via a number of marketplaces.
The CEO of Bybit, Ben Zhou, wrote on X, “Please be assured that all other cold wallets are secure.” “All withdrawals are NORMAL.”
As the stolen cryptocurrency was transferred to multiple accounts and quickly offloaded, blockchain analysis companies like Elliptic and Arkham Intelligence were able to track it down. Elliptic claims that the intrusion much outweighs earlier thefts in the industry. This includes the $570 million that was taken from Binance in 2022 and the $611 million that was stolen from Poly Network in 2021.
The attack was later connected by Elliptic analysts to North Korea’s Lazarus Group, a state-sponsored hacker collective that has embezzled billions of dollars from the crypto market. The gang is well-known for deploying sophisticated money laundering techniques to hide the flow of funds while taking advantage of security flaws to fund North Korea’s regime.
In an email, Elliptic chief scientist Tom Robinson stated, “We’ve labeled the thief’s addresses in our software, to help prevent these funds from being cashed-out through any other exchanges.”
A rush of withdrawals from Bybit was immediately prompted by the breach as users feared possible insolvency. Outflows have stabilized, according to Zhou. He reassured clients by saying that Bybit had obtained a bridge loan from unnamed partners to cover any losses that could not be recovered and to keep the business running.
Targeting cryptocurrency platforms is nothing new for the Lazarus organization; in 2017, the organization broke into four South Korean exchanges and took $200 million worth of bitcoin. Large-scale thefts continue to be a major issue, according to industry experts, as law enforcement and cryptocurrency tracking companies attempt to locate the stolen assets.
