, also allegedly performed by the Lazarus Group, linked to the same cluster as Bybit.”I spent the entire day graphing out the laundering movements and flagged theft addresses,” ZachXBT said while sharing the addresses connected to the Bybit hack.
Hackers gained access to cold wallets: Bybit reported the attack on Saturday through their Announcement page. “On February 21, 2025, at approximately 12:30 PM UTC, Bybit detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a routine transfer process,” said the exchange.”The attackers employed a deceptive transaction that masked the interface presented to the cold wallet signers authorized to transfer funds,” Santiago Pontiroli, Acronis Lead TRU researcher told CSO. ” The interface displayed the correct destination address while covertly altering the underlying smart contract logic, granting attackers control over the cold wallet.”Bybit reported that over 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address. The company said it has already processed 70% of withdrawal requests, which presumably peaked after the attack’s confirmation.”Bybit has more than enough assets to cover the loss, with AUM exceeding $20 billion, and will use a bridge loan if necessary to ensure the availability of user funds,” Bybit added in the announcement.While CSO did not obtain a response to the queries sent to Bybit until the publishing of this article, the announcement said it is working alongside blockchain forensic experts to trace the stolen funds and resolve the situation. Crypto traders were assured that the Bybit platform and all the other services, including trading products, cards, and P2P, are fully operational. While the exchange and withdrawals function without restriction, this incident underscores the persistent security challenges within the cryptocurrency industry, highlighting the need for enhanced protective measures against increasingly sophisticated cyberattacks, Pontiroli added, calling this the biggest heist in the cryptocurrency space so far.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3831315/bybits-1-5b-hack-linked-to-north-koreas-lazarus-group.html
