Bybit Hack Update

By 0xjenka.base.eth | Rumour: | 22 Feb 2025


North Korean Lazarus Group named as the hackers, ZachXBT grabs a bounty, Bybit survives a 'bank run', and Crypto markets are shaken but remain steady.  It's been a wild 24 hours in Crypto so let's jump straight in. 

Largest hack in history.

Following on from my previous post announcing the hack, it has now been confirmed that the Bybit hack was indeed the largest hack in history, with approx. $1.46B worth of Crypto (mainly ETH) being stolen.  The hackers drained the Bybit wallet into one of their own and then immediately began splitting the funds into more than 40 other wallets.  They have since started to bridge the ETH over to other coins like BTC.  Bybit has confirmed that the exploit was down to user error and that no other wallets are compromised.

ZachXBT.

'Blockchain investigator' ZachXBT was first to prove the hack was linked to the notorious Lazarus Group.  Arkham created and funded a bounty of 50k ARKM for anyone who could prove who the hackers were, and ZachXBT quickly did exactly that.  Arkham confirmed:

At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP.

His submission included a detailed analysis of test transactions and connected wallets used ahead of the exploit, as well as multiple forensics graphs and timing analyses.

The submission has been shared with the Bybit team in support of their investigation. We wish them all the best.

Lazarus Group.

The Lazarus Group is allegedly a North Korean state-backed cybercrime syndicate active since 2009, known for high-profile attacks like the Sony Pictures hack (2014), Bangladesh Bank heist (2016), WannaCry ransomware (2017), and major crypto thefts.  Linked to the Reconnaissance General Bureau, they use advanced tactics like spear-phishing, custom malware, and blockchain evasion to steal billions (over $3 billion in crypto since 2018) to fund Pyongyang’s regime.

Bybit survives 'Bank Run'.

Bybit's handling of this unprecedented crisis has been praised by almost everyone.  They didn't bury their heads and hide away, or try to deal with it privately. Instead, they were quick to confirm the exploit, asked for help from the community, remained calm and kept constant open communication throughout the incident.  They continued to stress that all losses would be covered and customer funds were safe.  They even did a live stream where they stated their intention to cover the stolen customer ETH with bridge loans so as not to move the market by spot buying ETH.  Despite all this, customers were understandably anxious to get their funds from the exchange, and so a 'bank run' of withdrawal requests began.  Bybit survived and the next morning their CEO confirmed:

Since the hack (10 hrs ago), Bybit has experienced the most number of withdraws that we have ever seen, We have had a total number of more than 350k withdraws requests, so far, around 2100 withdraw requests left to be processed. Overall 99.994% withdraws have been completed. If your withdraws are completed, please leave a comments here.

Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance), But all Bybit functions and product remain functional, the Whole team had been awake all night to process and answer client questions and concerns. ALL hands on DECK. 

A couple of hours after that, the CEO confirmed that exchange withdrawals were fully caught up and back to a normal pace.

Markets were Shaken.

The announcement of the hack understandably shook the markets, with Ethereum dropping around 6% and around $500m worth of liquidations following.  They quickly recovered a couple of percent and remained steady today.  The fact they didn't drop more was largely credited to the handling of the situation by the Bybit team.

 

Always DYOR.

 

 
