Bybit, the second-largest cryptocurrency exchange by trading volume, has confirmed a massive security breach that led to the theft of $1.46 billion in cryptocurrency, making it the largest single crypto heist till date. The attackers targeted an ETH multisig cold wallet and initiated a transaction to the warm wallet.
Bybit, in its post on X, stated that the attackers deceptively displayed the correct address while manipulating the underlying smart contract to reroute the transaction. The attackers exploited the security controls to hijack the transaction and transfer the funds to an unknown address. Bybit CEO Ben Zhou stated that the incident was reported to the concerned authorities and also assured users that other cold wallets remain secure.
Bybit hasn’t officially named any culprit. However, blockchain analysis firms Elliptic and Arkham Intelligence are pointing fingers at the infamous Lazarus Group, a notorious North Korean hacking organization. This heist surpasses previous major crypto heists like the Ronin Network, Poly Network, and BNB Bridge incidents. Independent researcher ZachXBT also linked the Bybit hack to a recent attack on Phemex.
The Lazarus Group has recently been in the limelight for its cryptocurrency theft activities and for generating illegal funds for North Korea. American blockchain analysis firm Chainanalysis has estimated that the Lazarus group was responsible for 61% of all stolen cryptocurrency in 2024, amounting to $1.34 billion across 47 hacks.
Meanwhile, Bybit has confirmed that it will reward up to $140 million to security experts who can aid in retrieving the stolen cryptocurrencies. It is also developing a HackBounty platform aimed to help industries track hackers. A new API was also released by the organization, which is said to update a list of identified suspicious wallet addresses to assist in streamlining the recovery efforts. The attack has also united various industry groups as they came together to help trace, block, and recover some of the stolen funds.
This attack sheds light on the growing security concerns related to the digital currency market. Security experts consider the financial gains associated with these heists, along with the difficulty in identifying culprits and the limited knowledge of organizations regarding cryptocurrency and Web3 technologies, as the primary catalysts behind these attacks. The attack also underscores the significant risk associated with blindly accepting smart contract interactions, emphasizing the need for heightened scrutiny over transactions.
