Crypto traders faced gains and losses on Friday as a significant security breach hit Bybit, resulting in the theft of $1.5 billion. This incident, marking the most significant crypto theft in history, occurred just as Coinbase celebrated the SEC’s decision to drop its lawsuit.
Bybit, a Dubai-based exchange handling $36 billion in daily trades, confirmed the breach immediately. CEO Ben Zhou announced on X that hackers had taken control of an Ethereum cold wallet and transferred all its funds to an unidentified address. Following the hack, Bitcoin experienced a 3% decline, dropping from $98,000 to around $96,000, according to CoinGecko.
Concerns over crypto security and deregulation
The attack has further heightened security concerns in the crypto space as regulatory changes continue to take effect. As the SEC withdraws its oversight, exchanges face reduced regulatory demands, which exposes them to potential cyberattacks.
American University professor Hilary Allen said publicly that though short-term deregulation could look beneficial, it would create serious security problems. Blockchain investigator ZachXBT traced the stolen Ethereum funds and found connections to funds of Lazarus Group, which is operated by North Korea. The state-sponsored Lazarus Group has established itself as a significant cybercriminal force responsible for stealing large sums from WazirX and Radiant Capital.
Lazarus employs a complex laundering process, converting stolen Ethereum into Bitcoin and utilizing mixing services before cashing out through Chinese OTC brokers. This method makes fund recovery nearly impossible, as the group sometimes holds onto stolen assets for years before moving them.
Bybit faces massive withdrawal surge
Even before Bybit’s official announcement, users noticed unusual fund outflows. Following the confirmation, CEO Ben Zhou addressed the community on X, explaining how the hackers accessed the Ethereum cold wallet and transferred the funds.
Bitget CEO Gracy Chen assured users that Bybit had enough reserves. Chen explained that the substantial financial loss equaled Bybit's total annual profit. The sudden panic led users to request 350,000 withdrawals over ten hours. Bybit's system handled most of the transactions but failed to process 2,100 of them owing to operational constraints.
Despite holding $16.2 billion in reserves, Bybit saw 9% of its assets wiped out. To stabilize the situation, rival exchange Bitget provided a loan of 40,000 ETH ($106 million) to support withdrawals. Zhou assured users that Bybit remained solvent, acknowledging the unprecedented number of withdrawals.
Lazarus Group and North Korea’s cyber warfare
Security experts from Chainalysis have linked Lazarus Group’s cybercrimes to North Korea’s weapons program. The group has consistently evaded U.S. and U.N. sanctions by refining its laundering techniques.
Lazarus stole $400 million worth of cryptocurrency during 2021. Ethereum has become the group’s new target, and it now controls 58% of stolen cryptocurrency funds. The group’s use of mixing services has severely complicated the process of identifying and recovering stolen funds.
The crisis ended when Zhou stated that all withdrawal requests had been processed before the system resumed standard operations. He assured users that a detailed report and security updates would be released soon.