#nostr #bybit
The Bybit hack, which unfolded on February 21, 2025, is being called the largest cryptocurrency heist in history, with approximately $1.5 billion in Ethereum (ETH) stolen from the Dubai-based exchange. Here’s a detailed breakdown of what’s known as of today, February 25, 2025, at 6:45 PM PST, pieced together from web reports and sentiment on X:
### What Happened?
- The Breach: The hack targeted one of Bybit’s Ethereum cold wallets—offline storage meant to be ultra-secure—during a routine transfer to a “warm” wallet for daily operations. Around 401,000 ETH (valued at roughly $1.46–$1.5 billion depending on market fluctuations) was siphoned off.
- How It Went Down: Hackers used a sophisticated attack involving social engineering, UI manipulation, and a smart contract exploit. They tricked Bybit’s cold wallet signers—likely including CEO Ben Zhou—into approving a malicious transaction. The attackers masked the signing interface, showing a legitimate-looking transfer while altering the underlying smart contract logic to redirect funds to their own addresses. Phishing emails may have compromised the signers’ computers beforehand, letting the hackers control what the team saw on-screen.
- Execution: The stolen ETH was initially funneled to a single wallet, then split across dozens (some say over 40, others up to 920) of addresses to obscure the trail. The funds have since been moved through decentralized exchanges, mixers like eXch, and cross-chain bridges (e.g., Chainflip to Bitcoin), showing a deliberate laundering strategy.
### Who’s Behind It?
- North Korean Connection: Multiple blockchain analysis firms—Elliptic, TRM Labs, Chainalysis, and Arkham Intelligence—along with famed crypto sleuth ZachXBT, point to North Korea’s Lazarus Group, a state-sponsored hacking crew. Evidence includes:
  - Funds from the Bybit hack mingling with wallets tied to prior North Korean heists (e.g., Phemex, BingX, Poloniex, and the $620 million Ronin hack in 2022).
  - Similar laundering patterns, like using Pump Fun meme coins and centralized mixers, consistent with Lazarus tactics.
  - ZachXBT’s on-chain analysis linking the attack to these earlier breaches, earning him a $50,000 bounty from Arkham.
- Why North Korea?: Experts estimate the regime has stolen $1.34 billion in crypto across 47 hacks in 2024 alone, with this single haul nearly doubling that. The funds are believed to fuel Pyongyang’s nuclear and missile programs—some say up to half its military budget comes from such thefts.
### Aftermath and Response
- Market Impact: Ethereum dropped nearly 4–8% right after the hack but has largely recovered. The broader crypto market took a 10% hit today ($100+ billion lost), partly due to this and lingering fear, with Bitcoin dipping below $90,000.
- Bybit’s Stance: CEO Ben Zhou acted fast, livestreaming within hours to calm users. He insists Bybit is solvent, with client funds “1:1 backed,” and has secured bridge loans (80% of needed funds) from partners to cover losses if unrecovered. Withdrawals spiked—4,000 pending at one point—but 70%+ have been processed despite delays.
- Recovery Efforts: Bybit is offering a 10% bounty (up to $150 million) for recovered funds, collaborating with Chainalysis and others. So far, $40–43 million has been frozen, plus a tiny $243,000 seized—a fraction of the total. The transparent blockchain makes tracing possible, but laundering complicates full recovery (experts guess 15–30% might return in a best-case scenario).
- Lingering Questions: Some speculate the wallet provider Safe might’ve been a weak link, though Safe denies its frontend was hacked. The exact entry point—phishing, malware, or insider slip-up—remains under investigation.