PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.
The $1.4 billion hack at Bybit—the largest known cryptocurrency heist in history—has been traced to the notorious Lazarus North Korean hacking group.
Blockchain detective ZachXBT, who’s investigated other crypto heists, spotted the stolen Ethereum funds moving through cryptocurrency wallets previously used by Lazarus to launder funds looted from other exchanges, including Poloniex, BingX, and Phemex.
Blockchain tracking companies, including TRM Labs and Elliptic, later confirmed the findings. “TRM has determined—with high confidence—that the Bybit hack was perpetrated by North Korean hackers,” it said. “This assessment is based on substantial overlaps observed between addresses controlled by the Bybit hackers and those linked to prior North Korean thefts.”
The heist raises concerns that North Korea will try to use the stolen Ethereum to fund its military and weapons programs. The US alleges that North Korean hackers stole at least $659 million last year in cryptocurrency.
Elliptic says that the Bybit hackers initially transferred stolen Ethereum to 50 different wallets before laundering the funds through other cryptocurrency exchanges and platforms in an effort to convert the stolen funds into Bitcoin.
In particular, the hackers have been using an exchange called eXch, which can facilitate anonymous cryptocurrency transactions. “Our analysis shows that since the hack, cryptoassets stolen from Bybit worth over $75 million have been exchanged using eXch. Despite direct requests from Bybit, eXch has refused to block this activity,” Elliptic said.
In a forum post, eXch denied that it’s been laundering cryptocurrency for the Lazarus group, saying an “insignificant” portion of the stolen funds went to one of its addresses. “We have previously cautioned the public about the risks of relying on the opinions of amateur researchers like ZachXBT and his teenage peers,” eXch shot back, although the exchange has since blacklisted the flagged cryptocurrency addresses.
In the meantime, other exchanges and blockchain companies are intervening to try and seize the stolen crypto. Bybit reported on Sunday that $42.8 million was frozen in one day. In addition, the company made up for the lost $1.4 billion in Ethereum through emergency loans.
It’s unclear how the hackers breached Bybit. For now, the company has suggested the attackers remotely hijacked computers at the exchange and tampered with the interface used to execute cryptocurrency transfer from its offline cold wallets.
Read the full article here
