Pseudonymous blockchain security sleuth ZachXBT identifies infamous North Korean hackers, the Lazarus Group, as the mastermind behind the $1.46 billion Bybit hack.
Yesterday, Bybit suffered a devastating attack, resulting in the loss of $1.46 billion worth of cryptos from one of the exchange’s cold wallets. The tokens stolen in the incident include Lido Staked ETH (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens.
Confirming the incident, Bybit CEO and co-founder Ben Zhou said the attackers transferred the $1.46 billion ERC-20 tokens from one of its cold wallets to a hot wallet.
He explained that the malefactors disguised a malicious transaction to make it appear legitimate. However, it hid a malicious source code within the transaction that manipulated the wallet’s smart contract logic.
ZachXBT Identifies North Korea’s Lazarus Group as Mastermind Behind Bybit’s Hack
Following the incident, Zhou called for assistance from blockchain security experts to help track the stolen funds.
Notably, blockchain analytic platform Arkham Intelligence announced a 50,000 ARKM ($32,000) bounty for any security expert who can identify the perpetrators of the Bybit attack.
Shortly after the announcement, Arkham updated the crypto community that ZachXBT had provided proof showing that the infamous North Korea hacking group stole the $1.46 billion worth of ERC-20 tokens. Arkham noted that ZachXBT’s proof included a detailed analysis of test transactions and connected wallets used in the exploit.
Additionally, the blockchain sleuth also provided forensic graphs and timing analyses of the hack, confirming that the Lazarus Group perpetrated the attack on Bybit. Arkham confirmed that it had submitted the evidence to Bybit to aid its investigation.
This revelation did not shock many, given that the Lazarus Group has been involved in multiple crypto heists worth billions of dollars. For instance, it was identified as the entity behind the attack on India’s crypto exchange WazirX, which led to the loss of $230 million worth of cryptos, including Shiba Inu and Ethereum.
How Group Might Cash Out Stolen Funds
With ZachXBT identifying Lazarus Group as the mastermind of the attack, Eric Wall, a board member of Starknet Foundation, revealed what would happen to Bybit’s stolen $1.46 billion funds.
The expert referenced a Chainalysis 2022 report highlighting the steps the hacking group uses to launder stolen cryptos.
First, Lazarus Group usually converts all ERC-20 tokens, like mETH and stETH, into ETH. Afterward, it swaps the ETH for Bitcoin and subsequently sells the BTC for fiat currency, specifically the Chinese Renminbi (CNY)
Lastly, this group ultimately uses the fiat currency to fund North Korea’s nuclear program. According to Wall, this laundering process could take years as the group aims to ensure the funds move unprotected.
If you want to understand what happens to funds after they’re stolen by North Korea/Lazarus Group, the Chainalysis 2022 report is great
Step 1: Swap any ERC20s (like stETH) into ETH
Step 2: Swap any ETH into BTC
Step 3: Cash out BTC to cash (Chinese Renminbi) using Asian… pic.twitter.com/cmxUEAHRZN
— Eric Wall | BIP-420 🐱 (@ercwl) February 21, 2025
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
