Hackers stole $1.46 billion from Bybit in a massive cyberattack. Chainalysis released details on how the attack happened and linked it to North Korea’s Lazarus Group. This is the largest digital heist in cryptocurrency history.
According to the report, Bybit is working with blockchain experts to track the stolen funds and has launched a recovery bounty program. It offers up to 10% of recovered assets to those who help retrieve them.
The hackers used social engineering to gain access. They tricked cold wallet signers into approving malicious transactions. This allowed them to replace Bybit’s multi-signature wallet implementation with their own. Once inside, they intercepted a routine transfer and redirected 401,000 ETH.
The stolen funds, worth nearly $1.5 billion, moved into hacker-controlled addresses. The attackers used a network of intermediary wallets to hide the stolen assets. They swapped ETH for BTC and DAI using decentralized exchanges and cross-chain bridges. Some funds remain idle in different addresses.
Leaving funds idle is a delay tactic that helps avoid immediate detection. It is a known strategy used by North Korea-affiliated hackers. Chainalysis found that the stolen funds merged with addresses from past DPRK-linked attacks, which provides more evidence of the group’s involvement. In 2024 alone, North Korean hackers stole $1.34 billion across 47 incidents. The Bybit hack exceeded that total by $160 million in a single attack.
Blockchain technology makes tracking stolen assets possible. Every transaction is recorded, allowing authorities to monitor movements in real time. This transparency makes laundering more difficult for cybercriminals.
Bybit assured users that customer losses would be covered. The exchange is working with forensic experts to freeze and recover funds. Over $40 million has already been frozen with the help of industry contacts. Law enforcement and cybersecurity firms continue working together to track and seize the stolen assets.
The attack highlights the growing threat of state-sponsored cybercrime in crypto. North Korea’s Lazarus Group remains a dominant force in digital financial crime, and its advanced laundering methods pose challenges for regulators and investigators.