Blockchain analytics firm Arkham Intelligence said North Korea's Lazarus group is behind Bybit's $1.46 billion hack.
In an earlier post on social media platform X, Arkham offered a bounty of 50,000 ARKM tokens to anyone who could identify the attacker behind Friday's hack. The platform then said ZachXBT had provided “conclusive evidence” that the attacker was a group of North Korean hackers.
“His submission included a detailed analysis of the test transactions and connected wallets used prior to the exploit, as well as multiple forensic graphs and timing analysis,” the post states.
The hack, which rocked the crypto market and saw most prices fall, was called the “largest crypto theft in history” by Tom Robinson, co-founder and chief scientist of Elliptic. “The next biggest crypto theft is the $611 million stolen from Poly Network in 2021. In fact, it's even the largest single theft in history.”
Blockchain data provider Nansen told CoinDesk that the attackers initially withdrew $1.5 billion worth of funds from the exchange to their main wallet and then distributed them to several wallets. “Initially, the stolen funds were transferred to a primary wallet, which distributed them to over 40 wallets,” Nansen said. “The attacker converted all stETH, cmETH and mETH to ETH, then systematically transferred the ETH to over 10 additional wallets in increments of $27 million.”
The attack appeared to have been caused by something called “blind signing,” in which smart contract transactions are approved without comprehensive knowledge of their content. “This attack vector is becoming a favorite form of cyberattack used by advanced threat actors, including North Korea. This is the same type of attack used in the Radiant Capital breach and the WazirX incident,” said Ben Nathan.
“The problem is that even with the best key management solutions, most signing processes are now delegated to a software interface that interacts with dApps. This makes it possible to open a door to malicious manipulation of the signing process, which is what happened with this attack,” he said.
Bybit CEO Ben Zhou previously wrote on X that the hackers “controlled a particular ETH cold wallet and moved all ETH in the cold wallet to this unidentified address.” He also confirmed that “even if this hack loss has not been recovered, the exchange is solvent.”
Oliver Knight contributed to reporting this story