Ben Zhou, chief executive officer of ByBit, during the Token2049 conference in Singapore, on Thursday, Sept. 14, 2023.
Joseph Nair | Bloomberg | Getty Images
Bybit, a major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets, in what’s estimated to be the largest crypto heist in history.
The attack compromised Bybit’s cold wallet, an offline storage system designed for security. The stolen funds, primarily in ether, were quickly transferred across multiple wallets and liquidated through various platforms.
“Please rest assured that all other cold wallets are secure,” Ben Zhou, CEO of Bybit, posted on X. “All withdrawals are NORMAL.”
Blockchain analysis firms, including Elliptic and Arkham Intelligence, traced the stolen crypto as it was moved to various accounts and swiftly offloaded. The hack far surpasses previous thefts in the sector, according to Elliptic. That includes the $611 million stolen from Poly Network in 2021 and the $570 million drained from Binance in 2022.
Analysts at Elliptic later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective notorious for siphoning billions of dollars from the cryptocurrency industry. The group is known for exploiting security vulnerabilities to finance North Korea’s regime, often using sophisticated laundering methods to obscure the flow of funds.
“We’ve labelled the thief’s addresses in our software, to help to prevent these funds from being cashed-out through any other exchanges,” said Tom Robinson, chief scientist at Elliptic, in an email.
The breach immediately triggered a rush of withdrawals from Bybit as users feared potential insolvency. Zhou said outflows had stabilized. To reassure customers, he announced that Bybit had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations.
The Lazarus Group’s history of targeting crypto platforms dates back to 2017, when the group infiltrated four South Korean exchanges and stole $200 million worth of bitcoin. As law enforcement agencies and crypto tracking firms work to trace the stolen assets, industry experts warn that large-scale thefts remain a fundamental risk.
“The more difficult we make it to benefit from crimes such as this, the less frequently they will take place,” Elliptic’s Robinson wrote in a post.
WATCH: Crypto stocks plunge
