26 February 2025
Bybit Hack Linked to North Korean Hackers with $1.4 Billion Stolen
The Bybit crypto exchange experienced a significant hack, resulting in the theft of $1.4 billion. Blockchain analytics firm Elliptic identified links to North Korean hackers who used over 11,000 wallets for laundering the stolen funds.
- Four days post-hack, Bybit's CEO announced a crackdown on the Lazarus Group.
- Bybit launched a blacklist wallet API and offered a bounty for tracking the stolen assets.
- Elliptic published a data feed with wallet addresses linked to the hack to help the community avoid exposure to sanctioned entities.
- 11,084 wallet addresses related to the exploit were identified, with numbers expected to rise.
“Addresses associated with the Bybit exploit were identified and available to screen within just 30 minutes of the announcement.”
Bybit partnered with Web3 security firm ZeroShadow for blockchain forensics to trace and freeze stolen funds. The attack originated from a phishing campaign targeting cold wallet signers, leading to an interception of funds during transfer from Bybit’s Ethereum cold wallet.
- Stolen Ether was converted into Bitcoin, Dai, and other cryptocurrencies, obscuring the trail.
- Bybit maintained platform stability and kept withdrawals open post-breach.
- The exchange secured external liquidity through loans and began repaying them, including a transfer of 40,000 ETH back to Bitget.
- Bybit recently registered with Indian authorities to resume services in the country.