A major breach rocked the cryptocurrency exchange Bybit on Friday when Lazarus, North Korea’s notorious hacking group, stole over $1.5 billion in Ethereum and derivative tokens.
The attack, which targeted Bybit’s cold wallet, has sent shockwaves through the crypto community as experts scramble to figure out how the hackers infiltrated the system and what risks remain for others.
Bybit’s CEO, Ben Zhou, confirmed the breach occurred during a routine transfer between wallets. However, the transaction was altered through sophisticated manipulation of the underlying smart contract, allowing the attackers to take control. Over 400,000 ETH, stETH, and other tokens were siphoned off to multiple undisclosed wallets. As is typical with Lazarus, the funds were split into various addresses and converted into Ethereum via decentralized exchanges.
The attack has raised alarms about potential weaknesses in Safe{Wallet}, a multi-signature platform used by Bybit and many other exchanges to improve transaction security. While Safe has denied any direct breach of its system, it has suspended certain features for safety reasons as Bybit investigates. The primary concern is that the hackers may have exploited vulnerabilities in the devices used by Bybit’s multi-signature signers, manipulating the displayed information to trick them into approving fraudulent transactions.
There’s growing speculation that the attack may have involved insider knowledge, as the level of sophistication required to compromise multiple devices and maintain secrecy is considerable. This follows a disturbing pattern observed in other attacks, such as those on Radiant Capital and WazirX, where attackers used similar tactics to infiltrate systems through deceptive interfaces or malware.
While the precise method of attack remains unclear, some experts believe the hackers may have used malware or phishing techniques to infiltrate devices and compromise the multi-signature signing process. This targeted approach has prompted calls for stricter security protocols, including hardware wallets that are isolated from the internet to prevent similar attacks.
As the investigation continues, security specialists warn that this attack is part of a broader trend of increasingly advanced and targeted threats. The crypto industry must be vigilant, as such attacks continue to evolve and pose serious risks to the safety of digital assets across the sector.