A recent cyber attack on the centralized cryptocurrency exchange Bybit led to the theft of ETH worth over $1.4 billion. Attributed to a known hacker group, it has become the largest recorded cryptocurrency robbery in history.
Details of the cyber attack
On February 21, the cryptocurrency market was once again destabilized by news of a security breach at the Bybit exchange.
On-chain analyst ZachXBT and combined investigations by various entities, including Arkham Intelligence, have identified the perpetrator as the North Korean state-sponsored hacker group Lazarus Group.
Breakdown: Bybit $1 billion hack bounty resolved by ZachXBT
Today at 19:09 UTC, @zachxbt submitted exact proof that the attack on Bybit was conducted by the Lazarus Group.
His submission includes a detailed analysis of test transactions and connected wallets before… https://t.co/O43QD2CM2U pic.twitter.com/jtqptxl0c5
-Arkham (@arkham) February 21, 2025
The incident was first detected through on-chain analysis performed by ZachXBT, which identified suspicious outflows of $ETH and $stETH from the Bybit exchange. The funds were then transferred to a secure wallet, and the perpetrator went on to exchange the entirety of these tokens for ETH.
The address of the secure wallet used for the exchange to ETH, before the funds were allocated across multiple wallets, is: 0xA4B2FD68593B6F34EE51CB9EDB66EDB66E71C1B4AB4449E
After these transactions were traced, Bybit, along with other centralized exchanges and various protocols, tagged and blacklisted the addresses involved to prevent liquidation of the illicit assets on the open market.

Bybit's response
Bybit CEO Ben Zhou recently issued a statement assuring the community that the hot wallets remain safe, while the attackers harmed only the cold wallets. His explanation for the incident is that the signed message was manipulated, which changed the smart contract logic of the ETH wallet. As a result, the attacker gained control over the ETH cold wallet and transferred all of its ETH holdings to an external address. Zhou further emphasized that all other wallets, apart from the affected ETH cold wallet, are safe.
Bybit ETH multisig cold wallet was transferred to our warm wallet about 1 hour ago. It seems this particular deal is Musk @Safe. However, the signature message is to be changed…
– Ben Zhou (@Benbybit) February 21, 2025
Bybit has gradually brought the situation under control, and this week it announced that withdrawals on Bybit have reopened normally.
