North Korean Hackers Steal $1.4B from Bybit

Generated by AI Agent Coin World
Wednesday, Feb 26, 2025, 9:14 am ET

North Korean hackers, suspected to be linked to the notorious Lazarus Group, are believed to be behind the massive $1.4 billion exploit of crypto exchange Bybit. According to blockchain analytics firm Elliptic, the hackers control more than 11,000 cryptocurrency wallets that are actively being used to launder the stolen funds.

Bybit responded swiftly to the attack by blacklisting wallet addresses and collaborating with security firms like Elliptic and ZeroShadow to recover assets. Chainalysis revealed that the attackers used a phishing campaign to replace Bybit’s multisignature wallet implementation, which allowed unauthorized fund transfers. The hackers intercepted a routine transfer from Bybit’s Ethereum cold wallet to a hot wallet, rerouting approximately 401,000 ETH, worth $1.46 billion, to their addresses.

Bybit’s co-founder and CEO Ben Zhou publicly declared “war” on the Lazarus Group after launching an initiative to recover the stolen assets. The exchange introduced a blacklist wallet API and offered a bounty for tracing the stolen funds. Elliptic stepped in to support the effort by publishing a freely accessible data feed that contains wallet addresses attributed to the North Korean hackers. The main goal of the initiative is to help the broader cryptocurrency community mitigate exposure to illicit funds and comply with sanctions.

Elliptic stated that within 30 minutes of Bybit announcing the exploit, it had already flagged and made available a list of wallet addresses linked to the attack. This real-time response helped protect users by reducing the need for them to manually screen suspicious addresses. So far, Elliptic’s intelligence API has identified 11,084 addresses associated with the exploit, and the number is expected to rise as more links are uncovered.

Despite the scale of the attack, Bybit worked very hard to maintain platform stability and continued to allow withdrawals. To keep operations running smoothly, the exchange secured external liquidity through loans and started repaying them on Feb. 25. These repayments started with a 40,000 ETH transfer to Bitget. Bybit remains focused on asset recovery and on reinforcing its security measures to prevent further breaches.

Blockchain analysis firm Chainalysis shared more details about how hackers were able to steal the $1.46 billion from Bybit and shed light on the