Cryptocurrency exchange Bybit recently revealed a major security breach in which over $1.5 billion in Ethereum was stolen from one of its cold wallets. The theft occurred when a transfer from the wallet to a hot wallet was manipulated during a routine process. Bybit stated that the transaction was altered by a sophisticated attack that masked the signing interface and changed the underlying smart contract logic, enabling the attacker to take control of the wallet and redirect its funds to an unidentified address.
Following the heist, Bybit confirmed that all other cold wallets were secure, and the case was reported to the relevant authorities.
Blockchain intelligence firms, such as Elliptic and Arkham Intelligence, identified the attack as being linked to the infamous Lazarus Group, a North Korean cybercrime group responsible for several large-scale cryptocurrency heists. This incident marks the largest known cryptocurrency theft to date, surpassing other significant heists like those involving Ronin Network, Poly Network, and BNB Bridge.
The Lazarus Group is notorious for orchestrating cryptocurrency thefts to generate illicit revenue for North Korea, a country under heavy international sanctions. According to Chainalysis, in 2024, Lazarus stole an estimated $1.34 billion from 47 cryptocurrency hacks, accounting for 61% of the total illicit crypto funds. Google has even described North Korea as a leading force in the global cybercrime world, with Lazarus remaining at the forefront of these criminal activities.
The attack on Bybit also introduced a new phase of advanced techniques for manipulating user interfaces. Researchers highlighted how the attackers used manipulated interfaces to deceive the multisignature wallet system, allowing them to bypass security protocols. The stolen funds were quickly laundered by converting them into Ether and routing them through various wallets and crypto exchanges, demonstrating the growing sophistication of crypto heists and the challenges in tracing these complex transactions.