Bybit's Billion-Dollar Heist: Lazarus Group Strikes Again

Overview of the Bybit Hack

On February 21, 2025, cryptocurrency exchange Bybit suffered a major security hack, leading to the theft of about $1.4 billion worth of Ethereum (ETH) and associated assets. The hack took place in an Ethereum cold wallet during a normal transfer process. Hackers used a high-level technique of a misleading transaction that concealed the actual interface, tricking the cold wallet signers. This enabled the attackers to seize control and send more than 400,000 ETH and stETH to an unknown address.

Investigation and Suspected Perpetrators

The Bybit hack investigation is pointing to the Lazarus Group, an infamous North Korea-sponsored hacking group. Blockchain sleuth ZachXBT was instrumental in discovering the link. By means of meticulous examination of test transactions, linked wallets, and timing analysis, ZachXBT presented conclusive evidence linking the attack to the Lazarus Group. The conclusion was also backed by Arkham Intelligence. Indications also point to the involvement of the Lazarus Group in other recent hacks, such as those of Phemex and BingX.

Impact and Bybit's Response

The Bybit hack sent shivers down the spines of cryptocurrency traders about security loopholes in centralized cryptocurrency exchanges. Bybit has guaranteed users that the platform is still fully functional and that it holds enough assets to counter the losses. The exchange is collaborating with blockchain forensic analysts to track the stolen money and has introduced increased security features to avoid similar future occurrences. Collaborative global effort from crypto security teams has resulted in freezing stolen assets worth $42.89 million