Cryptocurrency exchange Bybit announced on Friday that it fell victim to a “sophisticated” cyberattack, resulting in the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets. This incident marks the largest single crypto heist in history.
Details of the Cyberattack
According to Bybit’s statement on X, the breach occurred during a transaction from its ETH multisig cold wallet to a warm wallet. The attack exploited a vulnerability to manipulate the signing interface, so that it displayed the correct address while the underlying smart contract logic was altered. Consequently, the attacker gained control of the affected ETH cold wallet and transferred its assets to an unidentified address.
In a follow-up statement, Bybit’s CEO, Ben Zhou, reassured users that all other cold wallets remain secure. The company has also reported the incident to the relevant authorities for further investigation.
While Bybit has yet to provide official confirmation, blockchain analytics firms Elliptic and Arkham Intelligence have attributed the theft to the notorious Lazarus Group. This incident surpasses previous record heists, including the Ronin Network hack ($624 million), the Poly Network breach ($611 million), and the BNB Bridge theft ($586 million).
Connection to the Lazarus Group
Independent researcher ZachXBT noted a connection between the Bybit hack and a recent hack of Phemex, which occurred late last month. The Lazarus Group, believed to be based in North Korea, is known for orchestrating numerous cryptocurrency heists to fund the sanctions-hit regime. In 2023 alone, estimates indicate that the group stole $1.34 billion across 47 cryptocurrency hacks, accounting for 61% of all illicit crypto gains during that period, according to blockchain intelligence firm Chainalysis.
The rise in cryptocurrency heists stems from the lucrative nature of these crimes, the challenges in attributing them to malicious actors, and the increasing familiarity that organizations have with cryptocurrency and Web3 technologies, as highlighted by Google-owned Mandiant last month.