{"id":829859,"date":"2025-02-26T08:11:41","date_gmt":"2025-02-26T14:11:41","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/02\/26\/bybit-reels-from-1-5b-hack-by-north-korea\/"},"modified":"2025-02-26T08:11:41","modified_gmt":"2025-02-26T14:11:41","slug":"bybit-reels-from-1-5b-hack-by-north-korea","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/02\/26\/bybit-reels-from-1-5b-hack-by-north-korea\/","title":{"rendered":"Bybit reels from $1.5B hack by North Korea"},"content":{"rendered":"<div>\n<p>The record-setting hack of the <a href=\"https:\/\/coingeek.com\/news\/tag\/bybit\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bybit<\/a> digital asset exchange and the ensuing calls to roll back the <a href=\"https:\/\/coingeek.com\/news\/tag\/ethereum\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ethereum<\/a> network (again) prove the need for proper legal recourse when customers are illegally deprived of their assets.<\/p>\n<p>Panic spread through the \u2018crypto\u2019 world on February 21 after Bybit was hacked for over $1.4 billion worth of Ethereum\u2019s <a href=\"https:\/\/coingeek.com\/ethereum-co-founders-knew-eth-was-a-security-from-the-get-go-insider-says\/\" target=\"_blank\" rel=\"noreferrer noopener\">ETH<\/a> token, the largest exploit of its kind\u2014in crypto or beyond. 
The role of crypto Paul Revere was played by blockchain researcher <a href=\"https:\/\/x.com\/zachxbt\/with_replies\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">@ZachXBT<\/a>, who almost immediately flagged North Korea\u2019s infamous <a href=\"https:\/\/coingeek.com\/news\/tag\/lazarus-group\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lazarus Group<\/a> of hackers as <a href=\"https:\/\/x.com\/arkham\/status\/1893033424224411885\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the culprits behind the Bybit exploit<\/a>.<\/p>\n<p>Bybit CEO Ben Zhou <a href=\"https:\/\/x.com\/benbybit\/status\/1892963530422505586\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">confirmed the exploit<\/a>, which occurred as the exchange was transferring tokens from an ETH <a href=\"https:\/\/coingeek.com\/news\/tag\/multi-signature\/\" target=\"_blank\" rel=\"noreferrer noopener\">multi-sig<\/a> cold wallet to its \u2018warm\u2019 wallet. The exploiters had installed malicious code that showed Bybit staff what they believed was occurring.<\/p>\n<p>But behind the scenes, the hackers were altering the smart contract logic to grant themselves access to Bybit\u2019s <a href=\"https:\/\/coingeek.com\/wallets\/\" target=\"_blank\" rel=\"noreferrer noopener\">cold wallet<\/a>. The entirety of the wallet\u2019s contents was then transferred to a different wallet outside Bybit\u2019s control.<\/p>\n<p>Bybit <a href=\"https:\/\/x.com\/Bybit_Official\/status\/1892965292931702929\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">tried to calm the waters<\/a> by insisting that all customer funds were safe, but customers understandably freaked out and began flooding the exchange with withdrawal requests. 
Later, on a livestream, Zhou said 70% of these withdrawals had been \u201capproved and processed\u201d but warned that \u201cnetwork congestion\u201d meant customers might have to wait a few hours to be reunited with their funds.<\/p>\n<p>Bybit later said it had secured a \u201cbridge loan\u201d to ensure it had enough ETH to process \u2018in-kind\u2019 withdrawals. <a href=\"https:\/\/x.com\/lookonchain\/status\/1893852261027140041\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Lookonchain<\/a> reported that Bybit had received nearly 447,000 ETH via \u201cloans, whale deposits and ETH purchases\u201d from <a href=\"https:\/\/coingeek.com\/news\/tag\/galaxy-digital\/\" target=\"_blank\" rel=\"noreferrer noopener\">Galaxy Digital<\/a>, FalconX, Wintermute and others. By late Sunday, Zhou <a href=\"https:\/\/x.com\/benbybit\/status\/1893865556840775758\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">claimed<\/a> the site was back to \u201c100% 1:1 on client assets,\u201d and all withdrawals were processing as normal.\u00a0<\/p>\n<p>While Zhou insisted that Bybit\u2019s ETH wallet was the only one of its access points to be compromised in this fashion, <a href=\"https:\/\/x.com\/adamscochran\/status\/1893292386001866783\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">not everyone is convinced<\/a>. The thinking goes, if Lazarus could boldly infiltrate and exploit the exchange without Bybit\u2019s knowledge, how could it be sure that additional vulnerabilities aren\u2019t lurking in its existing hardware, servers, and other infrastructure?<\/p>\n<p>There are also suspicions that Bybit may have one or more moles in their midst. North Korea has become infamous for sending members of its hacking groups out into the wild with fake documentation\/backstories seeking jobs at blockchain projects. 
Once onboarded, they have a greater capacity to probe for flaws in security protocols with predictable results.<\/p>\n<p>As far as most Bybit customers are concerned, the immediate crisis is past. That said, Bybit still has a $1.4 billion hole in its books; it\u2019s just been papered over by new debt and other obligations.<\/p>\n<p><strong>Kim Jong-unbelievable<\/strong><\/p>\n<p>While everyone was focused on getting their money off Bybit as fast as possible, the hackers were busy laundering their ill-gotten gains.<\/p>\n<p>First, they split the stolen ETH into smaller chunks, which were then transferred to dozens of wallets. After that, the tokens were sent to various Ethereum-based <a href=\"https:\/\/coingeek.com\/the-defi-report-why-decentralised-finance-defi-matters-and-the-policy-implications\/\" target=\"_blank\" rel=\"noreferrer noopener\">decentralized finance<\/a> (DeFi) platforms, including Sky (<a href=\"https:\/\/www.bnnbloomberg.ca\/business\/company-news\/2024\/08\/27\/defi-platform-makerdao-rebrands-itself-as-sky-to-bolster-usage\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the rebranded MakerDAO<\/a>), <a href=\"https:\/\/coingeek.com\/news\/tag\/okx\/\" target=\"_blank\" rel=\"noreferrer noopener\">OKX<\/a> DEX and <a href=\"https:\/\/coingeek.com\/news\/tag\/uniswap\/\" target=\"_blank\" rel=\"noreferrer noopener\">Uniswap<\/a>.<\/p>\n<p>The hackers\u2019 initial focus appears to have been on swapping ETH for DAI, the <a href=\"https:\/\/makerdao.com\/en\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">MakerDAO\/SKY-issued decentralized stablecoin<\/a> that lacks the ability to freeze tokens on-chain. 
Blockchain researchers Elliptic later <a href=\"https:\/\/www.elliptic.co\/blog\/bybit-hack-largest-in-history\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reported<\/a> that, given Lazarus\u2019s traditional methods, the next step would be to send tokens to <a href=\"https:\/\/coingeek.com\/news\/tag\/coin-mixer\/\" target=\"_blank\" rel=\"noreferrer noopener\">coin mixers<\/a>. Lazarus has previously been <a href=\"https:\/\/coingeek.com\/tornado-cash-founders-charged-in-1-billion-money-laundering-scheme-including-for-north-korea\/\" target=\"_blank\" rel=\"noreferrer noopener\">flagged for using mixers<\/a> like <a href=\"https:\/\/coingeek.com\/news\/tag\/tornado-cash\/\" target=\"_blank\" rel=\"noreferrer noopener\">Tornado Cash<\/a> to obfuscate the trail of their getaway cars. (Good thing <a href=\"https:\/\/coingeek.com\/crypto-bros-money-launderers-celebrate-tornado-cash-ruling\/\" target=\"_blank\" rel=\"noreferrer noopener\">U.S. courts have taken a shine<\/a> to Tornado Cash, huh?)<\/p>\n<p>Bybit has offered a bounty of up to 10% of recovered tokens and <a href=\"https:\/\/x.com\/Bybit_Official\/status\/1893687749229563958\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">publicly thanked<\/a> several DeFi entities\u2014as well as the <a href=\"https:\/\/coingeek.com\/news\/tag\/tether\/\" target=\"_blank\" rel=\"noreferrer noopener\">Tether<\/a> stablecoin issuer for freezing 181,000 <a href=\"https:\/\/coingeek.com\/news\/tag\/usdt\/\" target=\"_blank\" rel=\"noreferrer noopener\">USDT<\/a>\u2014for doing what they could to stem this tide.<\/p>\n<div>\n<p>Notable for their exclusion from this \u2018thank you\u2019 card is eXch, a non-KYC (know your customer) exchange that <a href=\"https:\/\/x.com\/vxdb\/status\/1893373653129003043\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">received some of the stolen tokens<\/a>. 
On the Bitcoin Talk forum, eXch posted an email it received from Bybit asking it to freeze tokens, to which eXch <a href=\"https:\/\/x.com\/MistTrack_io\/status\/1893516845506011180\/photo\/1\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">offered a flippant response<\/a> citing what it claimed were \u201cdirect attacks on the reputation of our exchange by ByBit over the past year.\u201d<\/p>\n<p>eXch went on to claim that it wanted \u201ca clear explanation as to why we should consider providing assistance to an organization that has actively undermined our reputation.\u201d Bybit\u2019s Zhou <a href=\"https:\/\/x.com\/benbybit\/status\/1893519210883744188\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">tweeted<\/a> his hope that eXch would \u201creconsider\u201d its position, given that the situation was \u201creally not about Bybit or any entity, it\u2019s about our general approach towards hackers as an industry.\u201d\n<\/p>\n<\/div>\n<p>Responding to <a href=\"https:\/\/t.me\/investigations\/212\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">allegations by ZachXBT<\/a> (<a href=\"https:\/\/x.com\/bax1337\/status\/1893414227299172397\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">and others<\/a>) regarding its role in this affair, eXch <a href=\"https:\/\/bitcointalk.org\/index.php?topic=577207.1300\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">insisted<\/a> that it \u201cis NOT laundering money for Lazarus\/DPRK.\u201d eXch added that it had only processed an \u201cinsignificant portion of funds from the ByBit hack\u201d and said the fees derived from this \u201cisolated case\u201d would be \u201cdonated for the public good.\u201d<\/p>\n<p><strong>Does anyone have one of those Men in Black memory-wiping thingies?<\/strong><\/p>\n<p>The sheer scale of the heist, along with the fact that it was entirely focused on ETH, led to calls for Ethereum\u2019s gatekeepers to take a page out of history and roll the network 
back to its pre-hack state to \u2018undo\u2019 the theft.\u00a0<\/p>\n<p>In 2016, Ethereum <a href=\"https:\/\/coingeek.com\/its-all-decentralized-until-someone-gets-rekt\/\" target=\"_blank\" rel=\"noreferrer noopener\">chose that nuclear option<\/a> following the exploit of TheDAO, a <a href=\"https:\/\/coingeek.com\/news\/tag\/decentralized-autonomous-organization\/\" target=\"_blank\" rel=\"noreferrer noopener\">decentralized autonomous organization<\/a> that lost 3.6 million ETH. That was 9x the number of ETH tokens stolen from Bybit, although ETH was worth only a fraction of its current value in 2016.<\/p>\n<p>Following a contentious vote in which ETH whales were given a greater say than the plebs, the network underwent a hard fork that returned the tokens to their rightful owners. However, a vocal minority insisted this violated the \u2018code is law\u2019 tenet and chose to stick with the original network, which was renamed Ethereum Classic.<\/p>\n<p>While the suggestion of a new hard fork was raised almost immediately following news of Bybit\u2019s victimization, nobody expects Ethereum to go through all that again. For one thing, TheDAO\u2019s <a href=\"https:\/\/coingeek.com\/bitcoin101\/bitcoin-smart-contracts\/\" target=\"_blank\" rel=\"noreferrer noopener\">smart contract<\/a> imposed a month-long pause on transactions, meaning the stolen tokens were still technically there, just inaccessible absent the fork. Meanwhile, the Bybit tokens are being moved and converted as we speak.<\/p>\n<p>That said, calls for a rollback would have been much louder had Bybit not taken the as-yet-not-completely-understood financial steps to ensure customers weren\u2019t left holding the (empty) bag. 
The price of ETH, which took a precipitous dip as news of the hack broke, recovered most of its losses, only to sink again on February 24 after people remembered it was still ETH.\u00a0<\/p>\n<p><strong>A better way<\/strong><\/p>\n<p>Imagine that Bybit\u2019s losses involved a different token on a different chain, one that required its nodes\u2014including the entities responsible for processing transactions\u2014to abide by a set of <a href=\"https:\/\/bsvblockchain.org\/bsv-association-launches-new-network-access-rules\/\" target=\"_blank\" rel=\"noreferrer noopener\">Network Access Rules<\/a> (NAR). These rules would ensure an honest, law-abiding network environment, offering users greater transparency and a degree of confidence that\u2019s sorely lacking in most other chains.<\/p>\n<p>Now imagine that this other network has a functional <a href=\"https:\/\/coingeek.com\/bitcoin-alert-key-still-pressing-legal-issue\/\" target=\"_blank\" rel=\"noreferrer noopener\">Alert System<\/a> that can (among other things) sound the alarm when \u2018crypto crooks\u2019 get their hands on tokens that don\u2019t belong to them. A system that could signal network nodes to freeze tokens in place before the bad guys can direct their stolen loot into a coin mixer or <a href=\"https:\/\/coingeek.com\/estimated-4b-laundered-via-dexs-coin-swaps-and-bridges-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">cross-chain bridge<\/a>.<\/p>\n<p><em>Now<\/em>, imagine that this network can utilize these rules and tools to provide a service called <a href=\"https:\/\/bsvblockchain.org\/news\/taking-the-complexity-out-of-digital-asset-recovery\/\" target=\"_blank\" rel=\"noreferrer noopener\">Digital Asset Recovery<\/a> (DAR). 
This allows theft victims to make a complaint, which would be investigated thoroughly to ensure that the victim has a rightful claim to the tokens in question.<\/p>\n<p>A court order is then obtained, and the network broadcasts the specifics to the network nodes, which are then obligated to freeze the tokens on-chain. The frozen tokens are then destroyed, and replacements are issued at the tip of the chain to their rightful owner(s), with the full history and origin of the tokens available to all.<\/p>\n<p>Sounds a lot like legitimate legal recourse in real life, doesn\u2019t it? Unless we missed that section of the <a href=\"https:\/\/coingeek.com\/bitcoin-16th-anniversary-reckoning-with-original-vision\/\" target=\"_blank\" rel=\"noreferrer noopener\">Bitcoin white paper<\/a> where it says the network is an anarchic hybrid of <a href=\"https:\/\/www.youtube.com\/watch?v=GoRPVsN2SVM\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Mos Eisley<\/a>\u00a0and <a href=\"https:\/\/youtu.be\/9yDL0AKUCKo?si=0iNU3j-5K0i5mu2i&#038;t=97\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Thunderdome<\/a>, it seems like the basic laws of property should still apply on the blockchain, shouldn\u2019t they?<\/p>\n<p>Just sayin\u2019, but if the Bybit scandal had occurred on <a href=\"https:\/\/bsvblockchain.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">this network<\/a>, the uproar wouldn\u2019t have lasted past lunchtime.<\/p>\n<\/div>\n<p><a href=\"https:\/\/coingeek.com\/bybit-reels-from-1-5b-hack-by-north-korea\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Steven Stradbrooke<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The record-setting hack of the Bybit digital asset exchange and the ensuing calls to roll back the Ethereum network (again) prove the need for proper legal recourse when customers are illegally deprived of their assets. Panic spread through the \u2018crypto\u2019 world<\/p>\n","protected":false},"author":1,"featured_media":829860,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[86510,94044],"tags":[],"class_list":{"0":"post-829859","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bybit","8":"category-reels"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/829859","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=829859"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/829859\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/829860"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=829859"}],"wp:term":[{"taxon
omy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=829859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=829859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}