Bybit Hack Exposes $1.4B Crypto Flaw as North Korea Suspicions Rise

  • A Bybit hack exposed $1.4B in crypto flaws, shaking trust in exchange security despite the platform’s ability to cover losses.
  • The hacker exploited multi-signature weaknesses, using phishing and smart contract manipulation to bypass Bybit’s defences.
  • Evidence suggests North Korea’s Lazarus Group is behind the attack, potentially funding state operations with stolen crypto.

According to Sport on chain, a massive security breach at Bybit has shaken the crypto industry. A hacker compromised $1.4 billion, mostly in Ethereum, triggering a wave of urgent transactions. The attack exploited vulnerabilities in Bybit’s multi-signature authentication process, allowing unauthorized transfers. Despite the loss, Bybit’s $16.2 billion reserves can cover the damage. However, the breach raises serious concerns about security protocols in centralized exchanges.

Massive Fund Movements and ETH Drop

Large fund transfers followed the breach. The hacker moved the stolen assets in batches of 10,000 ETH per address, spreading them rapidly. Bybit immediately shifted $200 million USDT from its cold wallet to a hot wallet. It remains unclear whether this move was meant to cover withdrawals or an ETH buyback. Despite a temporary 3% price drop, ETH quickly recovered as investors analyzed the situation. However, trust in exchange security has taken a hit.

Moreover, $1.2 billion from Bybit’s hot wallet was sent to a suspicious address. Investigators identified the compromised wallet as 0x1db92e2ee, which transferred funds to 0x47666Fab. These transactions suggest an ongoing effort to obscure the trail of the stolen assets. Security experts are tracking the hacker’s movements to prevent further damage.

Exploiting Smart Contracts and Phishing Tactics

The attack occurred during a routine transfer from Bybit’s ETH cold wallet to its warm wallet. The hacker manipulated the signing interface, masking the destination address. This allowed unauthorized access while displaying a legitimate transaction. Consequently, Bybit’s security measures failed to detect the compromise in time.

Additionally, forensic analysis revealed advanced phishing tactics. The attackers used social engineering to steal internal credentials. Once inside, they bypassed security measures, altering multi-signature approvals. This technique mirrors past crypto exchange breaches, showing evolving hacker strategies.
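The masked destination described in this section is the failure an independent pre-signing check is meant to catch. The following is an added example, not code from Bybit or from the original article: it decodes the raw payload a signer is about to approve and compares its destination with what the interface displayed. It assumes a legacy RLP-encoded Ethereum transaction (the article does not say what format Bybit's signers saw), and the addresses, function names and sample bytes are constructed.

```python
def rlp_decode(buf: bytes, pos: int = 0):
    """Decode one RLP item starting at buf[pos]; return (item, next_pos)."""
    b = buf[pos]
    if b < 0x80:                          # a single low byte is its own encoding
        return buf[pos:pos + 1], pos + 1
    is_list = b >= 0xC0
    base = 0xC0 if is_list else 0x80
    if b - base < 56:                     # short form: length is in the prefix
        start, n = pos + 1, b - base
    else:                                 # long form: length-of-length follows
        ll = b - base - 55
        start = pos + 1 + ll
        n = int.from_bytes(buf[pos + 1:start], "big")
    end = start + n
    if end > len(buf):
        raise ValueError("truncated RLP")
    if not is_list:
        return buf[start:end], end
    items, p = [], start
    while p < end:
        item, p = rlp_decode(buf, p)
        items.append(item)
    if p != end:
        raise ValueError("list item overruns its list")
    return items, end

def verify_destination(raw_tx: bytes, displayed_to: str, allowlist: set) -> list:
    """Return a list of problems; empty means the payload matches the UI."""
    fields, end = rlp_decode(raw_tx)
    if end != len(raw_tx) or not isinstance(fields, list) or len(fields) < 6:
        raise ValueError("not a legacy transaction payload")
    to = fields[3]    # field order: nonce, gasPrice, gasLimit, to, value, data
    if not isinstance(to, bytes) or len(to) != 20:
        raise ValueError("destination is not a 20-byte address")
    actual = "0x" + to.hex()
    problems = []
    if actual != displayed_to.lower():
        problems.append(f"UI showed {displayed_to} but payload pays {actual}")
    if actual not in {a.lower() for a in allowlist}:
        problems.append(f"{actual} is not an approved destination")
    return problems

# Constructed sample: nonce 9, 20 gwei gas price, 21000 gas, 1 ETH, no data.
WARM = "0x" + "11" * 20                   # hypothetical warm-wallet address
def sample_tx(to_byte: int) -> bytes:
    return (bytes.fromhex("e909" "8504a817c800" "825208" "94")
            + bytes([to_byte]) * 20 + bytes.fromhex("880de0b6b3a7640000" "80"))

if __name__ == "__main__":
    print(verify_destination(sample_tx(0x22), WARM, {WARM}))
```

The check only helps if it runs on a device and code path separate from the signing interface being verified.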

Potential Ties to North Korea’s Lazarus Group

Emerging evidence links the attack to North Korea’s state-sponsored Lazarus Group. Blockchain analyst ZachXBT identified patterns matching their previous exploits. These similarities connect the Bybit hack to the Phemex exchange breach in January 2025.

For tracking the hacker’s movements, ZachXBT was awarded a $50,000 bounty by the crypto analytics firm Arkham. If the attribution is confirmed, North Korea’s crypto holdings, including these funds, would surpass those of Ethereum co-founder Vitalik Buterin. According to experts, the stolen funds could serve as economic backing for nuclear weapons development, stirring geopolitical alarm.
