Hackers Linked To $1.5 Billion Theft From Cryptocurrency Exchange
Bybit, a major cryptocurrency exchange based in Dubai, recently announced in a post on X that it had been hacked, losing $1.5 billion worth of the cryptocurrency Ethereum in the largest cryptocurrency theft of all time, the New York Times reported. Putting it into perspective, the previous largest cryptocurrency theft was of $611 million worth of cryptocurrencies from the PolyNetwork platform in 2021.
The crypto research group Arkham Intelligence is attributing the theft to the North Korean hacking group known as the Lazarus Group. The Lazarus Group is an infamous cybercrime group tied to the North Korean government that has been conducting cybercrimes since 2009. Among its more notable attacks was the hack of Sony Pictures in 2014 in retaliation for the release of the movie “The Interview,” which parodied North Korean leader Kim Jong Un. The Lazarus Group also perpetrated a cyberattack against the Bangladesh Bank in 2016, stealing $81 million, according to a Kaspersky Lab release. In 2017 it was responsible for the massive WannaCry ransomware attack that affected 300,000 computers in 150 countries, per a U.S. Treasury release.
The blockchain intelligence firm Chainalysis estimated that the Lazarus Group stole $1.34 billion in 2024 in 47 cryptocurrency hacks.
According to Bybit’s comments on X, the attacker exploited a “masked” UI and URL, deceiving wallet signers into unknowingly approving a malicious transaction. This allowed them to alter the smart contract logic and gain control of the ETH cold wallet, draining its funds. By altering the smart contract logic, the Lazarus Group was able to get control over Bybit’s Ethereum cold wallet.
Cold wallets are used for security purposes to store cryptocurrencies offline, making them more secure than hot wallets, which are connected to the Internet and therefore more susceptible to being hacked. Once the hackers took control of the cold wallet, they were able to transfer the Ethereum stored there to their own accounts.
As explained by Forbes Contributor Alice Liu, the stolen Ethereum was transferred to 53 wallets, which are being actively monitored by blockchain and smart contract auditing teams, making it difficult, but not impossible, for the Lazarus Group to move the stolen Ethereum in an effort to launder the funds effectively. Already there are initial reports that some of the funds have been moved to the cryptocurrency mixer eXch. Cryptocurrency mixers such as eXch break up the cryptocurrencies received into random, smaller amounts and then mix them with funds of other users of the mixer, thereby making it more difficult to trace the source of the funds. The hackers may then convert the Ethereum into different cryptocurrencies to further hide their tracks, split the funds into even smaller units, send them to multiple wallets, and then convert those funds to fiat currency. This process will most likely be repeated using multiple mixers to provide more anonymity for the transfers.
In 2024 there were a record 303 successful cryptocurrency platform hacks with losses of $2.2 billion, according to Chainalysis’ report. Whether this evident lack of security, as shown by the Bybit hacking and other cryptocurrency platform attacks, will have an effect on the cryptocurrency markets remains to be seen, but an increase in security is definitely needed in the cryptocurrency industry.