Lazarus Group: How They Stole $1.5B from Bybit

Hackers stole 400,000 ETH—worth $1.5 billion—right from Bybit’s cold wallet.

Security experts, including ZachXBT, quickly traced the attack to the infamous Lazarus Group. This is a shadowy hacker collective believed to be backed by North Korea.

Lazarus Group: A Decade of Cyber Heists

Lazarus Group has been wreaking havoc in the cyber world since 2010. Their biggest hits include Axie Infinity ($625M), Atomic Wallet ($100M), and Harmony Bridge ($100M). They don’t just steal money—they play the long game, sitting on stolen funds for years. In 2022, Chainalysis reported that Lazarus still held $55M from old hacks. Victims never see their money again.

One key figure linked to Lazarus is Park Jin Hyok. The U.S. accuses him of creating the WannaCry ransomware, hacking Sony Pictures, and stealing from the Central Bank of Bangladesh. His ties to Lazarus come through the Chosun Expo Joint Venture, a front company used to carry out cyberattacks.

How The Lazarus Group Hacked Bybit

The attack targeted Bybit’s multi-signature ETH cold wallet. Hackers tricked signers using a fake interface, secretly altering transaction details. As a result, Bybit unknowingly approved the hacker’s transaction. The stolen ETH was then moved to 53 different wallets, making it harder to trace.

Bybit confirmed that only this wallet was affected. The company is now taking steps to manage the crisis: first, borrowing ETH to allow withdrawals, and then increasing liquidity for USDT and USDC. However, since most of their ETH is gone, they’ll eventually have to buy it back from the market—a costly and risky move.

What Happens Next?

Lazarus Group is now laundering the stolen funds. Some assets are frozen, and detectives are tracking transactions in real time. But Lazarus isn’t in a rush. Their strategy is to wait until the heat dies down before cashing out.

Meanwhile, the attack has reignited concerns about CEX security. Experts are calling for stronger multi-signature protections and better transaction verification systems. After all, if a major exchange like Bybit can get caught with its guard down, who’s next?
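One form the "better transaction verification" mentioned above can take, sketched as an added example (not Bybit's or any wallet vendor's code): each signer compares the fields the interface displays against the payload actually queued for signing, and refuses on any mismatch or unapproved destination. The field names, the allowlist, the sample addresses and the use of SHA-256 over canonical JSON (instead of Ethereum's real signing hash) are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical policy: the only destinations this cold wallet may pay (constructed).
ALLOWED_DESTINATIONS = {"0x" + "aa" * 20}
FIELDS = ("to", "value_wei", "data", "nonce")

def normalize(tx):
    """Canonical form, so case or a 0x prefix on calldata cannot hide a difference."""
    return {
        "to": tx["to"].lower(),
        "value_wei": int(tx["value_wei"]),
        "data": tx["data"].lower().removeprefix("0x"),
        "nonce": int(tx["nonce"]),
    }

def digest(tx):
    """Short fingerprint signers can read to each other over a separate channel."""
    canon = json.dumps(normalize(tx), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def review(displayed, payload):
    """Return reasons to refuse signing; an empty list means UI and payload agree."""
    shown, actual = normalize(displayed), normalize(payload)
    problems = [
        f"{f}: UI shows {shown[f]!r}, payload has {actual[f]!r}"
        for f in FIELDS if shown[f] != actual[f]
    ]
    if actual["to"] not in ALLOWED_DESTINATIONS:
        problems.append(f"destination {actual['to']} is not on the allowlist")
    return problems

# Constructed sample: what the interface shows versus what would really be signed.
DISPLAYED = {"to": "0x" + "AA" * 20, "value_wei": "1000000000000000000",
             "data": "0x", "nonce": 7}
TAMPERED = {"to": "0x" + "bb" * 20, "value_wei": "1000000000000000000",
            "data": "0xdeadbeef", "nonce": 7}

if __name__ == "__main__":
    for reason in review(DISPLAYED, TAMPERED):
        print("REFUSE:", reason)
    print("displayed digest:", digest(DISPLAYED)[:16])
    print("payload digest:  ", digest(TAMPERED)[:16])
```

The check only helps if the payload is decoded on a device that does not share the possibly compromised interface, such as a hardware signer or a separate machine.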

Disclaimer

The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted levels of risk tolerance of the writer/reviewers and their risk tolerance may be different than yours. We are not responsible for any losses that you may incur as a result of any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments so please do your due diligence. Copyright Altcoin Buzz Pte Ltd.
