Key Takeaways:
- February 2025 saw one of the largest hacks in crypto history, a $1.4 billion hack against Bybit.
- On-chain sleuth ZachXBT names North Korea’s Lazarus Group among the likely perpetrators.
- Crypto community rallies with support, security tips and efforts to track the stolen funds.
The cryptocurrency space has just faced a significant threat, after the Bybit exchange was targeted in a $1.4 billion hack. The first reports of this issue appeared on February 21, noting unusual withdrawals of Ether (ETH) from Bybit wallets. The crypto community reacted quickly, with on-chain analyst ZachXBT attributing the theft to the notorious Lazarus Group, a North Korean hacking group.
ZachXBT Identifies Lazarus Group in Arkham Bounty Investigation
Arkham Intelligence had previously offered a bounty of 50,000 ARKM tokens (valued at about $31,500 at the time) for information that might lead to identifying the attackers. ZachXBT was quick to step up with a detailed on-chain analysis that pointed to the Lazarus Group. He wrote the following in his submission to Arkham:
- Analysis of test transactions
- Wallet discovery: identification of the connected wallets
- Forensic charts
- Timing analyses
This has been reported to Bybit to assist in their investigation.
The Scale of the Bybit Hack
The hack caused the loss of around $1.4 billion, including large amounts of Ether (ETH) and other ERC-20 tokens. Blockaid, an on-chain security platform, called it “the largest crypto exchange hack of all time.” The stolen assets included:
- About 401,347 ETH (estimated at $1.12 billion)
- 90,376 stETH (approximately $253.16 million in current valuation)
- 15,000 cmETH ($44.13 million)
- 8,000 mETH ($23 million)
Given the scale of the theft, the news spread quickly and drew varied responses from the crypto community.
Community Response: Support, Security Measures, and Calls to Avoid Panic
After the hack was announced, many prominent players in the crypto space rallied behind Bybit. Justin Sun, who founded Tron, announced on X (formerly Twitter) that his team was helping track down the stolen funds. OKX also deployed its security team to assist Bybit’s probe. KuCoin expressed solidarity with Bybit, stressing that crypto security “is a shared responsibility” and noting that collaboration between exchanges is key in the fight against cybercrime.
Calls to Stop the FUD (Fear, Uncertainty, and Doubt)
Bybit’s financial position was one of the factors that led some community members to ask others not to spread FUD. Coinbase executive Conor Grogan pointed out that Bybit seemed to be processing withdrawals without problems even after the hack, and noted its large assets (more than $20 billion at the time) and cold wallets that had not been touched. He argued that the situation was not analogous to the collapse of FTX, saying that Bybit was well-capitalized and would not run into similar problems. Aave founder Stani Kulechov also weighed in, extending his support.
Security Advice for Crypto Users
Following the Bybit hack, a number of experts have offered users security tips to safeguard their funds. Yuga Labs’ vice president of blockchain, Quit, suggested using multi-signature wallets with hardware wallets as the signers, and running Tenderly simulations. KuCoin also recommended that users activate two-factor authentication, maintain strong, distinctive passwords and evaluate passkeys.
Lazarus Group: An Ongoing Threat
The identification by ZachXBT of the Lazarus Group as the prime suspect was a cause for great concern. The Lazarus Group has been linked to several other major cyberattacks, including:
- Axie Infinity Ronin Bridge ($625 million)
- Harmony Bridge ($100 million)
- Atomic Wallet ($100 million)
- Stake ($41 million)
- Alphapo Hot Wallet ($60 million+)
- WazirX ($230 million)
Their methods typically involve converting stolen ERC-20 tokens into ETH, swapping ETH for BTC, and then laundering the funds through OTC networks and illicit financial channels in Asia. Those funds are said to finance North Korea’s nuclear weapons and ballistic missile programs.
Bybit’s Response and Solutions in Progress
Bybit has implemented a series of measures to remedy the hack, including:
- Reporting the incident to law enforcement
- Working with blockchain forensic experts to trace the stolen funds
- Working with on-chain analytics providers to flag and “demix” the involved addresses
- Requesting other exchanges and market makers to blacklist the stolen ETH
“Our reserves are 1:1 backed, no user funds have been frozen,” Bybit CEO Ben Zhou said. He further explained that Bybit arranged a bridge loan to keep its operations steady and to ensure retail withdrawals.
Potential Impact on Ethereum
Following the Bybit hack, discussions about a potential Ethereum fork have emerged. Notably, investor Arthur Hayes suggested that a rollback would be a possible course of action if the Ethereum community were to support it. Ethereum’s price pulled back after the hack and was temporarily down before recovering.
Working with the Industry and Organisations
While many crypto exchanges distanced themselves from the FTX collapse, Bybit has received ample support from its peers. Exchanges including Binance and Bitget have offered to help stop the stolen ETH from moving. This collaborative effort among crypto exchanges highlights a growing recognition that unity is essential in the fight against cybercrime.