The $1.4 billion hack at Bybit—the largest known cryptocurrency heist in history—has been traced to the notorious Lazarus North Korean hacking group.
Blockchain detective ZachXBT, who’s investigated other crypto heists, spotted the stolen Ethereum funds moving through cryptocurrency wallets previously used by Lazarus to launder funds looted from other exchanges, including Poloniex, BingX, and Phemex.
Blockchain tracking companies, including TRM Labs and Elliptic, later confirmed the findings. “TRM has determined—with high confidence—that the Bybit hack was perpetrated by North Korean hackers,” it said. “This assessment is based on substantial overlaps observed between addresses controlled by the Bybit hackers and those linked to prior North Korean thefts.”
This Tweet is currently unavailable. It might be loading or has been removed.
The heist raises concerns that North Korea will try to use the stolen Ethereum to fund its military and weapons programs. The US alleges that North Korean hackers stole at least $659 million last year in cryptocurrency.
Elliptic says that the Bybit hackers initially transferred stolen Ethereum to 50 different wallets before laundering the funds through other cryptocurrency exchanges and platforms in an effort to convert the stolen funds into Bitcoin.
In particular, the hackers have been using an exchange called eXch, which can facilitate anonymous cryptocurrency transactions. “Our analysis shows that since the hack, cryptoassets stolen from Bybit worth over $75 million have been exchanged using eXch. Despite direct requests from Bybit, eXch has refused to block this activity,” Elliptic said.
This Tweet is currently unavailable. It might be loading or has been removed.
In a forum post, eXch denied that it’s been laundering cryptocurrency for the Lazarus group, saying an “insignificant” portion of the stolen funds went to one of its addresses. “We have previously cautioned the public about the risks of relying on the opinions of amateur researchers like ZachXBT and his teenage peers,” eXch shot back, although the exchange has since blacklisted the flagged cryptocurrency addresses.
Recommended by Our Editors
In the meantime, other exchanges and blockchain companies are intervening to try and seize the stolen crypto. Bybit reported on Sunday that $42.8 million was frozen in one day. In addition, the company made up for the lost $1.4 billion in Ethereum through emergency loans.
It’s unclear how the hackers breached Bybit. For now, the company has suggested the attackers remotely hijacked computers at the exchange and tampered with the interface used to execute cryptocurrency transfer from its offline cold wallets.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Michael Kan
Senior Reporter
