
Bybit Hack Linked to Lazarus Group by Arkham: Evidence Points to Sophisticated State-Backed Cybercrime Group as Perpetrator

North Korean hacking group Lazarus identified as the perpetrators of a $1.5 billion hack on cryptocurrency exchange platform Bybit, according to findings by Arkham Intelligence.

North Korean hackers, specifically the group Lazarus, reportedly orchestrated the $1.5 billion cyber-heist on cryptocurrency exchange Bybit, according to Arkham Intelligence's findings.

Hot Off the Press: North Korean Hackers Tied to Bybit's $1.5B Heist

In a shocking revelation, Arkham Intelligence, a leading blockchain analytics firm, has pointed fingers at the notorious North Korean hacking collective, Lazarus Group, for the massive hack of cryptocurrency exchange Bybit.

Making the Connection: ZachXBT to the Rescue

Bybit got a big break at 19:09 UTC today when on-chain investigator @zachxbt provided evidence linking Lazarus to the hack. ZachXBT's investigation includes an analysis of test transactions, connected wallets, transaction graphs, and timestamps. Arkham representatives confirmed that this data has been handed to Bybit's team to aid its investigation.

BitOK founder Dmitry Machikhin told us that the stolen funds are actively being moved from the Ethereum network to other blockchains.

Maintaining Calm Amidst Chaos

In a livestream, Bybit CEO Ben Zhou announced that negotiations are underway with partners to secure an ETH loan to shore up the exchange's Ethereum liquidity during the crisis. Bybit remains solvent, he said, and the borrowed funds are needed only to keep withdrawals flowing.

Binance founder Changpeng Zhao offered Bybit help in mitigating the aftermath of the hack and suggested a temporary halt on withdrawals as a precaution. Coinbase's head of product, Conor Grogan, reported that Binance and Bitget together moved more than 50,000 ETH into Bybit's cold wallets. Bitget's share alone is equal to nearly a quarter of Bybit's entire ETH holdings, and the funds were sent directly to Bybit's cold wallet rather than through a deposit address.

MEXC also stepped in, transferring roughly $33.75 million worth of stETH to Bybit's cold wallet.

Chinese crypto industry figures are also supporting Bybit's liquidity by transferring ETH to the exchange. Huobi co-founder Du Jun deposited 10,000 ETH and pledged not to withdraw it for a month. The co-founders of Conflux and Mask Network likewise pledged ETH to Bybit's cold wallets.

Bybit has filed reports with the relevant law enforcement agencies. Working with leading blockchain analytics providers, it has already identified and flagged the attacker-controlled addresses, making it harder for the hackers to cash out ETH through legitimate exchanges.

Grace Chen Speaks Up

Bitget CEO Grace Chen explained that although the loss (about $1.5 billion, roughly a year of Bybit's income) is substantial, client funds remain safe and there is no need for panic. She also clarified that the assets Bitget transferred belong to Bitget itself, not to its users.

Chen reported that within 10 hours of the Bybit hack, the exchange saw a record number of withdrawal requests, more than 350,000. Around 2,100 requests are still pending, with 99.994% of operations already executed.

"The Greatest Heist of All Time"

Grogan described the Bybit hack as "the greatest heist of all time." By dollar value, the hack, worth well over $1 billion, surpasses the Central Bank of Iraq heist (about $1 billion) and the 2016 DAO hack (around $150 million). The incident may rekindle debate about whether an Ethereum hard fork is warranted.

February 21, 2025

Former BitMEX CEO Arthur Hayes said that, as a large ETH holder, he supports a community decision to roll back the chain to a previous state, akin to the decision made after the 2016 DAO hack.

What's Next?

Taproot Wizards co-founder Eric Wall's analysis suggests that North Korean hackers systematically convert ERC-20 tokens into ETH, exchange ETH for BTC, and finally convert the Bitcoin to yuan through Asian exchanges. These ill-gotten funds could potentially finance North Korea's nuclear and missile programs.

If you want to know what happens to funds after they're stolen by North Korea/Lazarus Group, the Chainalysis 2022 report provides valuable insights.

Chain-Hopping and Money Laundering Techniques

The Lazarus Group launders funds using these methods:

1. Chain-hopping and cross-chain transactions: by jumping between blockchains and currencies, Lazarus obscures the origin of the stolen funds and makes address-by-address tracing harder. The group relies on decentralized exchange aggregators such as THORChain, Paraswap, DODO, and Li.Fi to move value across chains.
2. Use of decentralized exchange (DEX) aggregators: platforms like THORChain have been instrumental in these transactions because they enable token swaps across different blockchain networks. Analysis showed that THORChain processed a large volume of the swaps, highlighting its role in the laundering.
3. Rapid transaction swapping: the group quickly swaps between coins and tokens to muddy the trail of the stolen funds.
4. Leveraging multiple services: Lazarus continues to use the mixing service Tornado Cash despite sanctions and other efforts to restrict its use for money laundering.
5. Exploitation of vulnerabilities: the initial Bybit breach was carried out by compromising the Safe{Wallet} web interface that Bybit's multisig signers used, so that the signers approved a transaction other than the one displayed to them and handed the attackers control of the cold wallet.

Open questions raised by the incident:

1. What about the involvement of Lazarus Group in other industries? Could its capabilities be turned against the finance, banking, and insurance sectors through their technology stacks?
2. With North Korean hackers now holding vast amounts of cryptocurrency and their connection to organized crime widely reported, what are the global financial implications?
3. As more collaboration between companies in the industry like Binance, Bitget, and MEXC occurs, could this strengthen cybersecurity measures and prevent such heists in the future?
4. What steps will law enforcement take to track and recover the stolen funds when they are laundered through chain-hopping and cross-chain transactions, decentralized exchange aggregators, and mixing services like Tornado Cash?
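The chain-hopping described above defeats the simplest tracing technique: following funds from address to address on one chain. What analytics firms and exchanges actually do is a time-ordered taint trace that stops at labelled service contracts (bridges, aggregators, mixers) and then tries to re-link the trail on the destination chain by correlating the bridge deposit with a payout of matching value shortly afterwards. The script below is an added example written for this page, not code from Arkham, ZachXBT, Bybit, or any firm named in the article. Every address, service label, amount and timestamp in it is constructed for illustration, and the "bridge" and "aggregator" entries are hypothetical labels, not real contracts.

```python
from collections import deque

# Hypothetical service addresses an analyst has already labelled.
# address -> (service id, kind). One bridge has a pool on each chain it serves.
SERVICES = {
    "0xBRIDGE_ETH": ("bridge1", "bridge"),
    "bc1BRIDGE":    ("bridge1", "bridge"),
    "0xAGG":        ("agg1", "dex-aggregator"),
}

# Constructed transfer log (made-up data, not real transactions):
# (chain, sender, receiver, asset, amount, usd_value, unix_ts)
TRANSFERS = [
    ("eth", "0xVICTIM",    "0xHACK1",      "ETH", 1000.0, 2_700_000, 1000),
    ("eth", "0xHACK3",     "0xEARLY",      "ETH",    1.0,     2_700,  990),  # predates taint
    ("eth", "0xHACK1",     "0xHACK2",      "ETH",  400.0, 1_080_000, 1010),
    ("eth", "0xHACK1",     "0xHACK3",      "ETH",  600.0, 1_620_000, 1011),
    ("eth", "0xHACK2",     "0xAGG",        "ETH",  400.0, 1_080_000, 1020),  # swap leg
    ("eth", "0xHACK3",     "0xBRIDGE_ETH", "ETH",  600.0, 1_620_000, 1030),  # bridge out
    ("btc", "bc1BRIDGE",   "bc1HACK4",     "BTC",   16.5, 1_600_000, 1035),  # bridge payout
    ("btc", "bc1BRIDGE",   "bc1OTHER",     "BTC",    0.3,    29_000, 1036),  # unrelated user
    ("eth", "0xUNRELATED", "0xHACK5",      "ETH",    5.0,    13_500, 1040),  # never tainted
]


def trace(seed, seed_ts, transfers=TRANSFERS):
    """Forward taint trace on one chain.

    Starting from `seed` (tainted at `seed_ts`), follow every outflow that
    happens at or after the moment the sender became tainted. Labelled
    service contracts are recorded as exit points instead of being expanded:
    the next hop lives behind the service (another chain for a bridge, a
    swap output for an aggregator) and is not visible as a plain
    address-to-address transfer.

    Returns (tainted, exits): tainted maps address -> time it first received
    tainted funds; exits is a list of (service_id, kind, chain, usd, ts).
    """
    tainted = {seed: seed_ts}
    exits = []
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        since = tainted[addr]
        for chain, src, dst, _asset, _amt, usd, ts in transfers:
            if src != addr or ts < since:
                continue  # not this sender, or spent before the taint arrived
            if dst in SERVICES:
                sid, kind = SERVICES[dst]
                exits.append((sid, kind, chain, usd, ts))
                continue  # trail stops on this chain
            if dst not in tainted:
                tainted[dst] = ts
                queue.append(dst)
    return tainted, exits


def correlate_bridge_exits(exits, transfers=TRANSFERS, window=600, tolerance=0.03):
    """Re-link a chain-hop by matching a bridge deposit with a bridge payout
    on a different chain: same service, within `window` seconds, and USD
    value within `tolerance` (bridges charge fees, so the payout is a bit
    smaller). Returns candidate (chain, address, usd, ts) tuples to watch.
    Amount/time matching is a heuristic and yields false positives when the
    bridge is busy; real pipelines add per-bridge decoding of transfer ids.
    """
    candidates = []
    for sid, kind, chain, usd, ts in exits:
        if kind != "bridge":
            continue
        for c2, src, dst, _asset, _amt, usd2, ts2 in transfers:
            if c2 == chain or SERVICES.get(src, (None, None))[0] != sid:
                continue
            if ts <= ts2 <= ts + window and abs(usd2 - usd) / usd <= tolerance:
                candidates.append((c2, dst, usd2, ts2))
    return candidates


def watchlist(seed, seed_ts, transfers=TRANSFERS):
    """Addresses an exchange should flag deposits from: every tainted address
    on the source chain plus the correlated payout addresses."""
    tainted, exits = trace(seed, seed_ts, transfers)
    hops = correlate_bridge_exits(exits, transfers)
    return sorted(set(tainted) | {addr for _c, addr, _u, _t in hops})


if __name__ == "__main__":
    t, e = trace("0xHACK1", 1000)
    print("tainted:", t)
    print("exits:", e)
    print("cross-chain candidates:", correlate_bridge_exits(e))
    print("watchlist:", watchlist("0xHACK1", 1000))
```

Two details matter in practice. The time check (`ts < since`) keeps an address's spending from before it received tainted funds out of the trace, which is what separates a real attacker hop from an innocent counterparty that later touched the attacker. And the aggregator exit is a simplification: a same-chain swap normally returns the output token to the caller or a chosen recipient, so a production tracer decodes that output leg instead of stopping, whereas a cross-chain swap through something like THORChain needs the same kind of value-and-time correlation the bridge case shows.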
