The biggest cybercrime ever recorded: 1.3 billion euros stolen by hackers from one of the largest cryptocurrency trading platforms
This story has a lot to tell us. The victim here is not an individual but Bybit, one of the largest cryptocurrency exchanges in the world, with over 40 million users.
In this case, the hackers gained access to the company’s Ethereum cold wallet, which is considered the most secure way of storing the keys that control cryptocurrency holdings. But how did they manage to bypass all the security measures?
The target was the Ethereum cold wallet: in short, an offline system that stores the access keys to cryptocurrencies and is considered the most secure form of storage. It was also a multi-signature wallet, which requires several separate approvals before a transaction can be executed.
The company’s executives appear to have been moving funds from the cold wallet to a hot wallet (one whose keys are kept on networked systems) as part of a routine operational process. The attackers were able to present a fake interface that exactly mimicked the wallet management platform used by Bybit.
This fake site displayed the expected addresses and URLs, so it raised no suspicion. Once everyone who was supposed to sign the transaction had done so, the hackers transferred the funds to an unknown destination.
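The failure mode described above is a signer approving a payload that differs from what the interface shows them. As an added example (not part of the article, and not Bybit’s or any wallet vendor’s code), here is a signer-side pre-signing check in Python that compares the raw multisig payload against the interface’s summary and an allowlist of approved destinations; the field layout, the sample addresses and the ERC-20 `transfer` decoding are assumptions.

```python
from dataclasses import dataclass

CALL = 0  # plain call; anything else is unexpected for a routine transfer
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)


@dataclass(frozen=True)
class RawTx:
    """Fields the multisig contract actually signs over (assumed layout)."""
    to: str
    value_wei: int
    data: bytes
    operation: int = CALL


@dataclass(frozen=True)
class UiSummary:
    """What the (possibly spoofed) web interface shows the signer."""
    recipient: str
    amount: int


def decode_erc20_transfer(data: bytes):
    """Return (recipient, amount) for a plain ERC-20 transfer call, else None."""
    if len(data) != 68 or data[:4] != TRANSFER_SELECTOR:
        return None
    # selector (4) | address right-aligned in 32 bytes | uint256 amount
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")


def check_before_signing(raw: RawTx, ui: UiSummary, allowlist: set[str]) -> list[str]:
    """Findings that must block the signature; an empty list means payload and UI agree."""
    findings = []
    decoded = decode_erc20_transfer(raw.data)
    if raw.data and decoded is None:
        findings.append("calldata is neither empty nor a plain ERC-20 transfer")
    # Funds actually go to raw.to (native ETH) or to the decoded token recipient.
    final_recipient, amount = decoded if decoded else (raw.to, raw.value_wei)
    if final_recipient.lower() != ui.recipient.lower():
        findings.append(f"recipient mismatch: UI shows {ui.recipient}, payload pays {final_recipient}")
    if amount != ui.amount:
        findings.append(f"amount mismatch: UI shows {ui.amount}, payload moves {amount}")
    if final_recipient.lower() not in allowlist:
        findings.append(f"{final_recipient} is not an approved destination")
    if raw.operation != CALL:
        findings.append(f"unexpected operation type {raw.operation}")
    return findings


# Constructed sample values (not real addresses): the signer expects a routine
# cold-to-hot transfer to HOT_WALLET, but the spoofed page presents a payload
# paying a different address while displaying the expected one.
HOT_WALLET = "0x" + "11" * 20
UNKNOWN_ADDR = "0x" + "ab" * 20
ALLOWLIST = {HOT_WALLET}
UI = UiSummary(recipient=HOT_WALLET, amount=10**18)
RAW_HONEST = RawTx(to=HOT_WALLET, value_wei=10**18, data=b"")
RAW_SPOOFED = RawTx(to=UNKNOWN_ADDR, value_wei=10**18, data=b"")

if __name__ == "__main__":
    for label, raw in (("honest", RAW_HONEST), ("spoofed", RAW_SPOOFED)):
        print(label, check_before_signing(raw, UI, ALLOWLIST) or ["ok to sign"])
```

Each signer runs the check on the payload their own device is about to sign, so a spoofed summary in the browser cannot pass unless the raw transaction also matches the allowlist.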
Following the attack, research firm Arkham Intelligence found that the funds were being moved to new addresses and sold. So far, Bybit’s collaboration with other platforms has led to the blocking and freezing of nearly $43 million of the stolen funds.
Initial investigations suggest that the Lazarus Group, a North Korean hacking group, may be behind the theft. Ari Redbord, global director of policy and government affairs at TRM Labs, said the attack followed their step-by-step modus operandi.
“North Korean hackers don’t hide their tracks because they operate outside the reach of law enforcement,” he added. The name will probably sound familiar: in 2024, the same group was behind a Windows 11 vulnerability, known as CVE-2024-21338, which kept Microsoft on alert for a very long time and affected thousands of computers.
According to a recent study by Chainalysis, the Lazarus Group was responsible for nearly 35% of all stolen funds in 2024, with a total of $800 million in crypto stolen in large-scale operations.