Yesterday, the cryptocurrency exchange Bybit suffered a significant attack, resulting in the theft of assets worth $1.46 billion from one of its cold wallets. The stolen tokens included Lido Staked ETH (stETH), Mantle Staked ETH (mETH), and other ERC-20 assets.
Ben Zhou, CEO and co-founder of Bybit, confirmed the breach, noting that the perpetrators transferred $1.46 billion in assets from the cold wallet to a hot wallet. He explained that the attack was meticulously planned: the hackers disguised the malicious transaction to appear legitimate, embedding code that manipulated the wallet's smart contract logic.
Upon discovering the incident, Zhou sought assistance from leading blockchain security experts to trace the stolen funds and identify those responsible.
Shortly thereafter, the blockchain analytics platform Arkham Intelligence announced a reward of 50,000 ARKM (equivalent to $32,000) for information leading to the identification of the perpetrators.
Subsequently, Arkham informed the crypto community that independent analyst ZachXBT had provided evidence linking the attack to the notorious North Korean hacker group, Lazarus Group. According to ZachXBT, the stolen $1.46 billion in ERC-20 tokens was moved to various addresses associated with Lazarus. The researcher also presented a detailed analysis of test transactions used by the attackers, as well as diagrams of their wallet interactions.
Additionally, ZachXBT provided forensic charts and a timeline of events confirming Lazarus Group's involvement in the attack. Arkham Intelligence has forwarded the obtained evidence to Bybit's management to aid in the investigation.
Experts note that Lazarus Group has been implicated in numerous high-profile cybercrimes. For instance, this organization was previously behind an attack on the Indian cryptocurrency exchange WazirX, resulting in the theft of $230 million, including assets like Shiba Inu and Ethereum.
After ZachXBT established Lazarus Group's involvement in the Bybit breach, Eric Wall, a board member of the Starknet Foundation, discussed potential steps the perpetrators might take to launder the assets.
According to Wall, the operational scheme aligns with the 2022 Chainalysis report, which describes Lazarus Group's typical cryptocurrency laundering process. The first step involves converting ERC-20 tokens (such as mETH and stETH) into ETH. The hackers then exchange Ethereum for Bitcoin, subsequently selling BTC for fiat currency, most commonly Chinese yuan (CNY).