The attack against Bybit, which resulted in losses of over $1.5 billion in cryptocurrencies, was reportedly perpetrated by Lazarus Group, a hacker organization linked to the North Korean government. The attribution was confirmed by Arkham Intelligence, a blockchain analysis platform, which stated that Lazarus Group was responsible for the attack. The data was provided by blockchain researcher ZachXBT, who presented conclusive evidence of the attack, including test transactions, connections between digital wallets, and forensic graphs that tracked the movements of the stolen funds.
ZachXBT's analysis included a detailed examination of the attack, which revealed that Lazarus Group used methods similar to those employed in previous hacks, such as the 2024 attack on the Japanese platform DMM Bitcoin, in which over 4,500 BTC were stolen. The similarities in money laundering techniques and off-chain indicators suggest that Lazarus used the same tactics in both attacks. Arkham Intelligence took this information, compared the data, and shared its conclusions on its X account, stating that ZachXBT had presented definitive evidence that the attack on Bybit was carried out by Lazarus Group.
How was the authorship of the attack discovered?
The participation of Lazarus Group was first suggested by ZachXBT, who provided conclusive evidence of the attack. Arkham Intelligence then compared the data and shared its conclusions, which included a detailed analysis of the test transactions and connected wallets used before the exploit, as well as multiple forensic graphs and timing analysis. This information was shared with the Bybit team, which helped deepen internal investigations. Previously, Bybit had offered a reward of 50,000 ARKM (approximately $32,000) to anyone who could identify the individuals responsible for the hack.
Response from Bybit
After the attack and the publication of these reports, Bybit confirmed the magnitude of the attack. Ben Zhou, co-founder and CEO of Bybit, assured users that all withdrawals would be processed, even if they were subject to an exhaustive review. “At the moment, we are resorting to our partners to obtain a bridge loan that allows us to continue with operations without interruptions,” Zhou said in a live broadcast. Zhou also indicated that, given the magnitude of the theft, the company would not make significant purchases of Ethereum or other assets in the short term, as moving such large amounts could result in unwanted price movements in the market.
Lazarus Group: The face behind the biggest crypto hacks
This is not the first time that Lazarus Group has been involved in a major attack. In 2024, the hack of the Japanese platform DMM Bitcoin, in which over 4,500 BTC were stolen, valued at over $300 million at the time, was attributed to the group. The similarities in money laundering techniques and off-chain indicators suggest that Lazarus used similar methods in both attacks. The group’s involvement in these attacks raises questions about the effectiveness of current protection measures on crypto exchange platforms.
The impact on the crypto ecosystem
This attack highlights persistent vulnerabilities in the cryptocurrency sector, despite progress in digital security. It also raises questions about the effectiveness of current protection measures on crypto exchange platforms. As international authorities increase their efforts to track and sanction the illegal activities of groups such as Lazarus, the challenge remains to balance technological innovation with the security of the decentralized financial system. The attack on Bybit is considered the largest single theft in the history of the crypto ecosystem, with losses exceeding $1.5 billion in cryptocurrencies.