$ETH The Mystery Behind Bybit's $1.5 Billion Hacker Attack: Lazarus Group Steps Into the Light

On February 21, the cryptocurrency exchange Bybit experienced the largest cyber attack in its history. Nearly $1.5 billion worth of ETH and stETH was transferred from multi-signature cold wallets to unidentified addresses, marking a dark milestone in the security of the cryptocurrency industry.

The Attack and Infiltration Method

According to information from Arkham and on-chain analysis evidence from renowned investigator ZachXBT, the attack is believed to have been carried out by the Lazarus hacker group, a North Korean-linked attack team. Forensic images, time analysis, and a series of test transactions along with related wallets provided compelling evidence that this attack was not an accidental incident but rather a carefully planned operation.

Emergency Support from Major Exchanges

Right after the incident broke out, the cryptocurrency community quickly acted to maintain liquidity for Bybit. Many reputable exchanges transferred a large amount of ETH to Bybit's cold wallet to ensure that the exchange's operations were not disrupted while the investigation was underway:

Huobi: Huobi co-founder Du Jun committed to keeping the ETH sent for at least one month, with an amount up to 10,000 ETH – equivalent to about $27.3 million.

Bitget and Binance: These two exchanges also supported by transferring over 86,000 ETH, worth approximately $230 million, to Bybit's cold wallet.