TL;DR
- Hackers stole $1.46 billion from Bybit in the largest attack on a crypto exchange in history, with the Lazarus Group identified as the perpetrators.
- Lazarus used phishing attacks to access cold wallets and altered multisig contracts to transfer funds without restrictions.
- Chainalysis and Bybit have frozen $40 million and are offering rewards of up to 10% of the stolen funds to those who help recover them.
The Bybit hack has exposed critical vulnerabilities in cryptocurrency exchange security. On February 21, attackers stole approximately $1.46 billion in assets, making it the largest theft in the history of the crypto industry. Investigations pointed to the North Korea-linked Lazarus Group as the responsible party.
How Was the Bybit Attack Carried Out?
The hackers used a social engineering strategy to gain access to Bybit’s cold wallets. Through a phishing campaign, they tricked signers into authorizing malicious transactions. Once inside the platform, they replaced the multisig wallet implementation contract with an altered version, allowing them to transfer funds without restrictions. They exploited a routine transaction to divert 401,000 ETH to multiple addresses under their control.
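The attack pattern described above (a routine-looking transaction that a signer approves, which in fact swaps the wallet's implementation contract) is exactly what a pre-signing policy check is meant to catch. The following is an added, illustrative example and not code from Bybit, Chainalysis or any wallet vendor. It assumes a Safe-style transaction format with an `operation` field (0 = CALL, 1 = DELEGATECALL), a proxy wallet whose implementation address lives in storage slot 0, and a signing workflow that can obtain a simulated storage diff for the transaction before anyone signs; the addresses and amounts are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Safe-style operation codes (assumption: Safe's transaction format)
CALL = 0
DELEGATECALL = 1
# Assumption: the proxy stores its implementation ("singleton") address in slot 0
IMPLEMENTATION_SLOT = 0
# 4-byte selector of ERC-20 transfer(address,uint256)
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")


@dataclass(frozen=True)
class MultisigTx:
    to: str          # contract the wallet will call
    value: int       # native value in wei
    data: bytes      # calldata forwarded to `to`
    operation: int   # CALL or DELEGATECALL


@dataclass
class Simulation:
    # slot -> (value_before, value_after) for writes to the wallet's OWN storage,
    # as a transaction simulator would report them (constructed in the demo below)
    storage_writes: Dict[int, Tuple[str, str]]


def decode_transfer_recipient(data: bytes) -> Optional[str]:
    """Return the recipient of an ERC-20 transfer(address,uint256) call, else None."""
    if len(data) < 36 or data[:4] != TRANSFER_SELECTOR:
        return None
    # the address is right-aligned inside the first 32-byte argument word
    return "0x" + data[16:36].hex()


def check_tx(tx: MultisigTx, sim: Simulation, expected_impl: str,
             allowed_targets: Set[str], allowed_recipients: Set[str]) -> List[str]:
    """Return policy findings; an empty list means the transaction may be signed."""
    findings: List[str] = []
    if tx.operation == DELEGATECALL:
        findings.append("operation is DELEGATECALL: target code would run with the wallet's storage")
    if tx.to.lower() not in {a.lower() for a in allowed_targets}:
        findings.append(f"target {tx.to} is not an approved contract")
    recipient = decode_transfer_recipient(tx.data)
    if recipient is not None and recipient.lower() not in {a.lower() for a in allowed_recipients}:
        findings.append(f"transfer recipient {recipient} is not an approved address")
    write = sim.storage_writes.get(IMPLEMENTATION_SLOT)
    if write is not None and write[1].lower() != expected_impl.lower():
        findings.append(f"simulation shows implementation slot rewritten to {write[1]}")
    return findings


def encode_transfer(recipient: str, amount: int) -> bytes:
    """ABI-encode transfer(address,uint256) for the demo transactions."""
    word = bytes.fromhex(recipient[2:]).rjust(32, b"\x00")
    return TRANSFER_SELECTOR + word + amount.to_bytes(32, "big")


# Constructed placeholder addresses (not real on-chain addresses)
IMPL = "0x" + "11" * 20            # expected wallet implementation
TOKEN = "0x" + "22" * 20           # approved token contract
WARM_WALLET = "0x" + "33" * 20     # approved transfer destination
UNKNOWN_CONTRACT = "0x" + "44" * 20
MALICIOUS_IMPL = "0x" + "55" * 20


def routine_tx() -> List[str]:
    """A genuine cold-to-warm transfer: CALL to the token, approved recipient, no storage writes."""
    tx = MultisigTx(to=TOKEN, value=0, data=encode_transfer(WARM_WALLET, 10**18), operation=CALL)
    return check_tx(tx, Simulation({}), IMPL, {TOKEN}, {WARM_WALLET})


def masked_upgrade_tx() -> List[str]:
    """Calldata that decodes like the same transfer, but runs as DELEGATECALL against an
    unapproved contract, and simulation shows the implementation slot being overwritten."""
    tx = MultisigTx(to=UNKNOWN_CONTRACT, value=0,
                    data=encode_transfer(WARM_WALLET, 10**18), operation=DELEGATECALL)
    sim = Simulation({IMPLEMENTATION_SLOT: (IMPL, MALICIOUS_IMPL)})
    return check_tx(tx, sim, IMPL, {TOKEN}, {WARM_WALLET})


if __name__ == "__main__":
    print("routine:", routine_tx())
    print("masked upgrade:", masked_upgrade_tx())
```

The point of the check is that it does not trust what the signing UI renders: it inspects the raw operation type, the raw target, and the simulated effect on the wallet's own storage, so a transaction that "looks like" a routine transfer but would replace the implementation contract is refused before any signature is produced.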
To make tracking more difficult, the attackers distributed the stolen assets across a network of intermediary wallets. Some of the funds were converted into other cryptocurrencies, such as Bitcoin and Dai, using decentralized exchanges and no-KYC services. They also used cross-chain bridges to move assets across different networks. A significant portion of the funds remains inactive, a common tactic among North Korean hackers to evade tracking while attention on the incident decreases.
Fund Recovery Program
Despite the scale and complexity of the attack, blockchain’s transparency has made it easier to trace the stolen funds. Chainalysis, in collaboration with other industry entities, has managed to freeze more than $40 million in stolen assets. Bybit has also taken measures to mitigate losses, including a bounty program offering up to 10% of the recovered funds to those who assist in their recovery.
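The tracing that makes freezes like the one above possible relies on propagating "taint" from the theft address through the layers of intermediary wallets described earlier, even when stolen funds are mixed with clean inflows along the way. The following is an added example, not code from Chainalysis or Bybit, of the haircut attribution method: each outgoing transfer carries the sender's current tainted fraction. It assumes transfers are supplied in chronological order and uses a constructed transfer graph with placeholder address labels.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed transfer records in chronological order: (sender, receiver, amount).
# Labels are placeholders, not real addresses.
TRANSFERS: List[Tuple[str, str, float]] = [
    ("theft_addr", "hop1a", 600.0),
    ("theft_addr", "hop1b", 400.0),
    ("hop1a", "hop2a", 600.0),
    ("clean_source", "hop2a", 400.0),   # clean funds mixed in at hop2a
    ("hop2a", "dex_pool", 500.0),       # partial swap via a DEX
    ("hop1b", "bridge_in", 400.0),      # moved to a cross-chain bridge
]


def trace_taint(transfers: List[Tuple[str, str, float]], origin: str) -> Dict[str, Dict[str, float]]:
    """Haircut taint propagation.

    Returns, per address, its current balance, the tainted portion of that balance,
    and the tainted fraction. The origin starts fully tainted with a balance equal
    to everything it sends out.
    """
    balance: Dict[str, float] = defaultdict(float)
    tainted: Dict[str, float] = defaultdict(float)
    seed = sum(amt for src, _, amt in transfers if src == origin)
    balance[origin] = seed
    tainted[origin] = seed

    for src, dst, amt in transfers:
        # fraction of the sender's holdings that is tainted at this moment
        frac = tainted[src] / balance[src] if balance[src] > 0 else 0.0
        moved_taint = amt * frac
        balance[src] -= amt
        tainted[src] -= moved_taint
        balance[dst] += amt
        tainted[dst] += moved_taint

    report: Dict[str, Dict[str, float]] = {}
    for addr in set(balance) | set(tainted):
        bal = balance[addr]
        report[addr] = {
            "balance": bal,
            "tainted": tainted[addr],
            "fraction": (tainted[addr] / bal) if bal > 0 else 0.0,
        }
    return report


def freeze_candidates(report: Dict[str, Dict[str, float]], min_tainted: float) -> List[str]:
    """Addresses currently holding at least `min_tainted` of traced stolen value."""
    return sorted(a for a, r in report.items() if r["tainted"] >= min_tainted)


if __name__ == "__main__":
    rep = trace_taint(TRANSFERS, "theft_addr")
    for addr in sorted(rep):
        print(f"{addr:13s} balance={rep[addr]['balance']:7.1f} "
              f"tainted={rep[addr]['tainted']:7.1f} frac={rep[addr]['fraction']:.2f}")
    print("freeze candidates:", freeze_candidates(rep, 100.0))
```

With this input the 400 units that went through hop1b reach the bridge entry fully tainted, while the 500 units swapped at the DEX from hop2a are only 60% tainted because 400 clean units were mixed in first; the remaining tainted value still sits in hop2a, which is why investigators keep watching dormant intermediary addresses rather than only the endpoints.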
This attack highlights the sophistication of state-sponsored hacking groups and the urgent need to strengthen security measures in exchanges. Bybit and other platforms have intensified monitoring efforts to detect potential threats before new incidents occur. Cooperation between companies and security organizations will be key to curbing such crimes and protecting user funds.