Lazarus Group Behind $1.48B Bybit Hack; Exchange Restores 1:1 Asset Backing

Coin World, Wednesday, Feb 26, 2025 2:49 pm ET

Bybit, a leading cryptocurrency exchange, has concluded its investigation into a recent hack that resulted in the theft of approximately $1.48 billion from its Ethereum (ETH) wallet. The investigation, conducted by finance security firm Verichains and cybersecurity consultants Sygnia, has determined that the attack was carried out by the Lazarus Group, a hacker collective linked to North Korea.

The hack, which occurred on February 21, 2025, was made possible by a vulnerability in Safe, the crypto wallet used by Bybit. The attackers exploited a compromised Amazon Web Services (AWS) bucket to access the exchange's ETH wallet directly through Safe. The malicious code was introduced on February 19, 2025, and was designed to activate during the next Bybit transaction, which ultimately led to the theft of the funds.

In a statement, Safe confirmed the findings of the on-chain investigators, attributing the attack to a compromised Safe{Wallet} developer machine. Following the incident, the Safe{Wallet} team conducted a thorough investigation and has since restored the wallet on the Ethereum mainnet with a phased rollout. The team has also fully rebuilt and reconfigured all infrastructure, ensuring that the attack vector has been eliminated.

Bybit CEO Ben Zhou has stated that the exchange has restored a 1:1 backing on all client assets following the hack. This claim was supported by a proof-of-reserves audit report published by blockchain security auditor Hacken on Sunday, February 23, 2025. The report demonstrated that Bybit maintains an in-scope reserve ratio of greater than 100%, indicating that the exchange possesses sufficient reserves to cover its in-scope liabilities.

While the hack was a significant setback for Bybit, the exchange has taken steps to address the vulnerability and restore user confidence. The investigation into the attack has provided valuable insights into the methods used by the Lazarus Group, which can help other exchanges and crypto platforms enhance their security measures to prevent similar incidents in the future.