- ZachXBT linked North Korea’s Lazarus Group to the Bybit hack.
- The hack stole $1.46 billion in staked Ether and ERC-20 tokens; his evidence earned him a 50,000 ARKM bounty (~$31,500).
- His research also connected the Bybit hack to the recent Phemex hack through shared theft addresses.
ZachXBT Ties Lazarus Group to Bybit Hack
On-chain researcher ZachXBT has pointed to North Korea’s Lazarus Group as the culprit behind the recent Bybit hack. $1.46 billion in staked Ether and other ERC-20 tokens were stolen. Arkham Intelligence reported that ZachXBT provided irrefutable evidence linking the attack to the Lazarus Group. This earned him a reward of 50,000 ARKM, approximately $31,500, from Arkham’s bounty program.
The hack occurred on February 21. Attackers exploited Bybit’s Ethereum multisig cold wallet during a routine transfer to the warm wallet. They manipulated the signing interface to display the correct wallet address while altering the smart contract logic. Bybit CEO Ben Zhou confirmed losses exceeding $1.5 billion in crypto assets. He reassured users that withdrawals would continue, even those currently under review.
This attack is one of the largest crypto exchange hacks ever. Several crypto players, including Justin Sun and representatives from OKX and KuCoin, expressed support for Bybit. They emphasized the need for joint action against cybercrime and for maintaining market trust.
ZachXBT’s research also linked the Bybit hack to the recent Phemex hack. The attackers mixed funds from both incidents using the same initial theft addresses. This tactic aligns with Lazarus Group’s documented methods.
Arkham Intelligence has provided the forensic data to Bybit’s team for further investigation. The incident underscores the ongoing threat of state-sponsored cyberattacks in the crypto space.
Highlighted Crypto News Today
Is Chainlink (LINK) Losing Its Grip as Bulls Struggle Below $18?
