North Korean hackers linked to $1.5 billion crypto heist

Over the weekend, blockchain security companies and experts linked North Korea's Lazarus Group to the theft of more than $1.5 billion from cryptocurrency exchange Bybit.
In what is now considered the largest crypto theft in history, the attackers intercepted a planned transfer of funds from a Bybit cold wallet to a hot wallet and redirected the crypto assets to a blockchain address under their control.
“On February 21, 2025, at approximately 12:30 PM UTC, Bybit discovered unauthorized activity inside one of our Ethereum (ETH) cold wallets during a routine transfer. The transfer was part of a scheduled move of ETH from our ETH multisig cold wallet to our hot wallet,” Bybit explained in a post-mortem published on Friday.
Unfortunately, the transaction was manipulated by an advanced attack that changed the smart contract logic and masked the signing interface, allowing the attacker to take control of the ETH cold wallet. As a result, more than 400,000 ETH and stETH worth more than $1.5 billion were transferred to an unidentified address.
While this led to the theft of more than $1.5 billion in ETH and stETH, Bybit said its services were largely unaffected despite a huge wave of 580,000 withdrawal requests after the incident was detected. It also added that all other cold wallets remained secure.
The crypto exchange has since restored its ETH reserves, and the company's CEO says the exchange is solvent even if the lost assets are not fully recovered.
Bybit crypto heist linked to Lazarus hackers
Since the attack, crypto investigator ZachXBT discovered links between the Bybit hackers and an Ethereum address that was previously used in the Phemex, BingX, and Poloniex hacks.
“Today, as funds from the Bybit hack were being laundered, the Poloniex hack was also linked on-chain at consolidation address 0x15EC,” ZachXBT said. “This now shows that the same entity is associated with four different hacks (Bybit, Poloniex, Phemex, BingX).”
The researcher also said the threat actors launched and traded Pump Fun meme coins to launder the stolen cryptocurrency, with money from the Bybit breach reaching more than 920 blockchain addresses. ZachXBT also claimed the Lazarus hackers are laundering ETH from the Bybit hack using eXch (a centralized mixer) and bridging funds to Bitcoin via Chainflip.
They said: “Notably, the eXch team sent $96K to the hot wallet of another exchange after laundering $35 million+ for the Lazarus Group from the Bybit hack today.”
ZachXBT's findings were confirmed by TRM Labs, which determined with “high confidence” that North Korean hackers were behind the Bybit hack “based on substantial overlaps observed between addresses controlled by the Bybit hackers and those linked to prior North Korean thefts.”
A blockchain analysis company also said the Lazarus hackers have already moved the stolen funds through large numbers of cryptocurrency wallets to hide the actual source of the assets and slow down tracing attempts.
“It seems that one exchange in particular has laundered tens of millions of dollars of the stolen assets, despite calls from Bybit to stop this,” Elliptic co-founder Tom Robinson told BleepingComputer. “The stolen assets are often converted into bitcoin – if previous laundering patterns are followed, we may expect to see the use of Bitcoin mixers next – to try to hide the money trail.”
However, eXch denied laundering the money stolen from Bybit, saying that “eXch is not laundering money for Lazarus/DPRK” and that “an insignificant portion of the funds from the Bybit hack eventually entered our address [..] It was an isolated case and the only part processed through our exchange, the fees from which will be donated for the public good.”
In December, blockchain analysis company Chainalysis said North Korean hackers stole $1.34 billion in 47 crypto heists in 2024, breaking the previous record of $1.1 billion from 2022.
In a single attack in March 2022, two North Korean hacking groups (Lazarus and BlueNoroff) stole $620 million in cryptocurrency (173,600 Ethereum and 25.5 million USDC tokens) from Axie Infinity's Ronin network bridge.