In a significant blow to the cryptocurrency industry, Bybit has reportedly experienced a staggering $1.46 billion worth of “suspicious outflows.” Blockchain investigator ZachXBT first identified the anomaly, revealing that an unidentified wallet had received 401,346 ETH (approximately $1.1 billion) along with various forms of staked ether (stETH).
According to on-chain data from Etherscan, the recipient wallet has been actively liquidating mETH and stETH on decentralized exchanges, with an estimated $200 million in stETH already sold. The blockchain analytics firm Arkham Intelligence later attributed the attack to North Korea’s notorious Lazarus Group, confirming their findings after ZachXBT submitted what Arkham called “definitive proof” linking the hackers to the breach.
The attack was reportedly facilitated through a technique known as “Blind Signing,” a vulnerability where a smart contract transaction is approved without a comprehensive understanding of its contents. Ido Ben Natan, CEO of blockchain security firm Blockaid, warned that this attack vector is increasingly favored by advanced threat actors, including North Korean cybercriminals. Similar methods were used in previous hacks, including the Radiant Capital breach and the WazirX incident.
Bybit’s CEO, Ben Zhou, addressed the situation on X (formerly Twitter), confirming that a hacker had gained control of a specific ETH cold wallet and transferred its entire contents to an unknown address. Despite the massive loss, Zhou reassured users that Bybit remains solvent, even if the stolen funds are not recovered.
As the crypto community grapples with the implications of this breach, security experts are urging exchanges and investors to strengthen their defenses against increasingly sophisticated cyberattacks. Investigations into the incident are ongoing, with the industry watching closely to see how Bybit and regulators respond to one of the largest crypto hacks in recent history.
