North Korea-Linked Hackers Steal $1.4B from Bybit

Cryptocurrency exchange Bybit has suffered a significant security breach, resulting in the loss of over $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other ERC-20 tokens. This incident underscores the vulnerability of centralized exchanges, even those with robust security measures, to sophisticated cyberattacks.

Blockchain security analysts, including Arkham Intelligence and onchain sleuth ZachXBT, have linked the attack to Lazarus Group, a North Korean-backed hacker organization. Arkham has launched a bounty program offering 50,000 Arkham (ARKM) tokens, worth around $31,500, to identify the individual or organization responsible for the breach.

Analysts have attributed the attack to a sophisticated social engineering technique that deceived signers into approving a malicious transaction, draining crypto from one of Bybit's cold wallets. The Bybit hack is more than twice the size of the $600 million Poly Network hack in August 2021, making it the largest crypto exchange breach to date.

The attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack. According to Meir Dolev, co-founder and chief technical officer at Cyvers, the Ethereum multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change. This allowed the hacker to gain control of the cold wallet and transfer all ETH to an unknown address.

The $1.4 billion hack comes as a significant blow to the cryptocurrency industry, representing nearly half of the $2.3 billion stolen in crypto-related hacks in 2024. In response, crypto security firms like Cyvers are working on pre-emptive measures to combat future attacks. An emerging solution, known as offchain transaction validation, could prevent 99% of all crypto hacks and scams by preemptively simulating and validating blockchain transactions in an offchain environment.