North Korea’s Lazarus Group Linked to $1.5B Bybit Hack, Investigators Say
Blockchain analytics firm Arkham Intelligence has identified North Korea’s Lazarus Group as the mastermind behind the staggering $1.5 billion exploit on crypto exchange Bybit. The confirmation came after well-known on-chain investigator ZachXBT provided compelling evidence tying the attack to the notorious hacking syndicate.
Arkham had offered a 50,000 ARKM token bounty for anyone who could expose the attackers, later announcing that ZachXBT’s forensic analysis definitively linked the stolen funds to wallets controlled by Lazarus.
Biggest Crypto Heist on Record
Elliptic co-founder Tom Robinson called the Bybit breach the largest crypto hack in history, surpassing the $611 million Poly Network exploit of 2021.
Blockchain data provider Nansen revealed that the stolen assets were initially funneled into a single wallet before being fragmented across multiple addresses.
“The hackers first consolidated the funds into one wallet before systematically dispersing them in increments of $27 million to over 40 different wallets,” Nansen stated.
Attack Exploited ‘Blind Signing’ Vulnerability
Security experts suggest the breach was executed through a ‘Blind Signing’ attack, in which a signer authorizes a transaction without fully understanding its details.
“This method has become a preferred tactic for sophisticated cybercriminals, including North Korean actors,” said Blockaid CEO Ido Ben Natan. “We’ve seen similar vulnerabilities exploited in the Radiant Capital and WazirX breaches.”
He further noted that despite advances in security, many platforms still depend on software-based signing mechanisms that remain susceptible to manipulation.
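A signer-side check that illustrates the blind-signing problem described above, as an added example that is not from the article or any party it quotes: it decodes the raw bytes independently and compares them with what the signing interface displayed. It assumes ERC-20 `transfer`/`approve` calldata (the article does not say what transaction type was involved); the function names and sample addresses are constructed for illustration.

```python
# Added example: independent pre-sign check against blind signing.
# Assumption: the payload is ERC-20 calldata; the article does not state
# what kind of transaction was signed in the Bybit incident.

# Standard ERC-20 function selectors (first 4 bytes of calldata).
SELECTORS = {
    "a9059cbb": "transfer",  # transfer(address,uint256)
    "095ea7b3": "approve",   # approve(address,uint256)
}

def decode_calldata(calldata_hex):
    """Decode raw calldata into (function, address, amount) or raise ValueError."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 64 + 64:  # selector + two 32-byte ABI words
        raise ValueError("unexpected calldata length")
    if any(c not in "0123456789abcdef" for c in data):
        raise ValueError("calldata is not hex")
    func = SELECTORS.get(data[:8])
    if func is None:
        raise ValueError("unknown selector 0x" + data[:8])
    addr_word, amount_word = data[8:72], data[72:136]
    if addr_word[:24] != "0" * 24:  # an address is left-padded with 12 zero bytes
        raise ValueError("address word has non-zero padding")
    return func, "0x" + addr_word[24:], int(amount_word, 16)

def check_before_signing(displayed, calldata_hex):
    """Return reasons not to sign; an empty list means the bytes match the display."""
    try:
        func, to, amount = decode_calldata(calldata_hex)
    except ValueError as exc:
        return ["cannot decode payload: %s" % exc]  # undecodable means do not sign
    problems = []
    if func != displayed["function"]:
        problems.append("function is %s, display says %s" % (func, displayed["function"]))
    if to != displayed["to"].lower():
        problems.append("recipient is %s, display says %s" % (to, displayed["to"]))
    if amount != displayed["amount"]:
        problems.append("amount is %d, display says %d" % (amount, displayed["amount"]))
    return problems

# Constructed sample data (not taken from the incident).
ADDR_A = "0x" + "11" * 20
ADDR_B = "0x" + "22" * 20
DISPLAYED = {"function": "transfer", "to": ADDR_A, "amount": 1000}
HONEST = "0xa9059cbb" + "00" * 12 + "11" * 20 + format(1000, "064x")
TAMPERED = "0x095ea7b3" + "00" * 12 + "22" * 20 + "f" * 64  # unlimited approve to ADDR_B
```

The check is only meaningful when it runs on a device or process separate from the interface that produced the displayed values.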
Bybit CEO Confirms Breach, Assures Users
Bybit CEO Ben Zhou confirmed the security breach, explaining that an Ethereum cold wallet was compromised, leading to the unauthorized transfer of all ETH stored in it.
Despite the loss, Zhou assured users that Bybit remains financially solvent and that the exchange has the reserves to absorb the impact.
As crypto exchanges face increasing threats from state-backed hacking groups, the Bybit incident highlights the urgent need for stronger security measures and real-time monitoring to prevent future attacks.