North Korean hackers suspected of being behind record US$1.5 billion hack of crypto exchange Bybit
CNA
Hackers affiliated with North Korea are believed to have carried out Friday’s (Feb 21) record US$1.5 billion hack of crypto exchange Bybit, according to security researchers.
Cryptocurrency exchange Bybit said on Friday an attacker gained control of an ethereum (ETH) wallet and transferred around US$1.5 billion worth of holdings to an unidentified address.
The ETH cold wallet was the only one that was attacked and all other wallets of the exchange were unaffected, with withdrawals proceeding normally, CEO Ben Zhou said in a post on X.
Blockchain analytics firms Arkham Intelligence and Elliptic, and blockchain analyst ZachXBT traced the billion-dollar hack to North Korea's Lazarus Group.
The Lazarus Group is a hacking group sanctioned by the United States, which says it is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau.
The group has been accused of involvement in the “WannaCry” ransomware attacks, hacking of international banks and customer accounts, and the 2014 cyber-attacks on Sony Pictures Entertainment.
Crypto hacking linked to North Korea more than doubled from 2023 to a record high of US$1.3 billion in 2024, according to blockchain analysis firm Chainalysis.
"All client funds are safe, and our operations continue as usual without any disruption," Bybit said, adding its security team, along with forensic experts, was investigating the incident.
"Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1-to-1 backed, we can cover the loss," Zhou added.
In an online chat addressing the hack, he also assured users that their "funds are safe".
The company said on X: "We've launched a refund programme for users affected ... Bybit is committed to protecting our community, and we will fully reimburse all impacted users."
According to the company, attackers exploited security protocols during a transaction, enabling them to transfer the assets to an unidentified address.
This compromised an offline "wallet" that stored ethereum, and the hackers stole 400,000 ETH on Friday morning.
Ethereum is the second-largest cryptocurrency by market value after Bitcoin, and was worth US$2,641.41 on Friday after the hack, down nearly four per cent.
Zhou stated that Bybit holds US$20 billion in client assets and pledged that any unrecovered funds would be covered through the company's treasury or a bridge loan from partners.
The scale of the theft far exceeds the previous record: a US$620 million heist of ETH and USD Coin from the Ronin Network in 2022, allegedly also carried out by the Lazarus Group.
Bybit caters to more than 60 million users worldwide and offers access to various cryptocurrencies, including bitcoin and ether.
Founded in 2018, it counts prominent Donald Trump ally Peter Thiel among its early investors, according to Pitchbook.