Arkham Intelligence, a blockchain analytics firm, reported that North Korea’s Lazarus Group was responsible for the recent $1.46 billion hack of the cryptocurrency exchange Bybit.
The firm initially offered a reward of 50,000 ARKM tokens for information about the attackers. Later, on-chain investigator ZachXBT provided strong evidence linking the hack to Lazarus Group. His analysis included detailed transaction data and wallet connections related to the attack.
This hack is considered one of the largest in crypto history. Tom Robinson, co-founder of Elliptic, described it as the “largest crypto theft of all time.” The previous record was held by the $611 million stolen from Poly Network in 2021. According to Nansen, a blockchain data provider, the attackers first moved nearly $1.5 billion into a main wallet before distributing it across more than 40 other wallets.
The stolen funds were converted from stETH, cmETH, and mETH to ETH. The attackers then transferred the ETH in increments of $27 million to more than ten additional wallets. The hack was reportedly enabled by a method called “blind signing,” in which a signer approves a smart contract transaction without fully understanding its details.
Ido Ben Natan, CEO of Blockaid, noted that this type of attack is becoming common among advanced cybercriminals, including those from North Korea. He mentioned similar attacks in the Radiant Capital breach and the WazirX incident.
The vulnerability arises because many signing processes rely on software interfaces that interact with decentralized applications (dApps), making them susceptible to manipulation.
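The usual defence against blind signing is to decode the raw transaction independently of the signing interface and refuse anything that does not match the displayed intent. The sketch below is an added example, not code from the article or from any party it names; it is narrowed to a single ERC-20 `transfer` call, and every function name, address and amount in it is constructed for illustration.

```python
# Added example: decode the raw calldata independently of the signing UI and
# compare it with what the UI displayed. All names and values are constructed.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

def encode_transfer(recipient, amount):
    """Build transfer() calldata (used here only to construct sample input)."""
    addr = bytes.fromhex(recipient[2:])
    return "0x" + (TRANSFER_SELECTOR + addr.rjust(32, b"\0")
                   + amount.to_bytes(32, "big")).hex()

def decode_transfer(calldata_hex):
    """Return (recipient, amount); raise ValueError for anything else."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if data[:4] != TRANSFER_SELECTOR:
        raise ValueError("unrecognised selector 0x" + data[:4].hex())
    if len(data) != 68 or any(data[4:16]):
        raise ValueError("malformed transfer() arguments")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:], "big")

def presign_check(displayed, tx):
    """List every mismatch between the displayed intent and the raw transaction."""
    problems = []
    if tx["to"].lower() != displayed["token"].lower():
        problems.append("target contract differs from displayed token")
    try:
        recipient, amount = decode_transfer(tx["data"])
    except ValueError as exc:
        return problems + ["refusing to sign undecodable call: %s" % exc]
    if recipient != displayed["recipient"].lower():
        problems.append("recipient differs from displayed recipient")
    if amount != displayed["amount"]:
        problems.append("amount differs from displayed amount")
    return problems

# Constructed sample data (not real addresses).
TOKEN, ALICE, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
DISPLAYED = {"token": TOKEN, "recipient": ALICE, "amount": 5000}
HONEST = {"to": TOKEN, "data": encode_transfer(ALICE, 5000)}
SWAPPED = {"to": TOKEN, "data": encode_transfer(OTHER, 5000)}
OPAQUE = {"to": TOKEN, "data": "0xdeadbeef" + "00" * 64}

if __name__ == "__main__":
    for name, tx in (("honest", HONEST), ("swapped", SWAPPED), ("opaque", OPAQUE)):
        print(name, presign_check(DISPLAYED, tx) or "OK to sign")
```

The check only helps if it runs on a device or process separate from the interface that built the transaction, since the premise is that the interface itself may be manipulated.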
Bybit’s CEO, Ben Zhou, stated that the hacker gained control of a specific ETH cold wallet and transferred all its contents to an unknown address. He assured users that the exchange remains solvent, even if the stolen funds are not recovered.