Blockchain analytics firm Elliptic revealed that the Bybit hack is linked to North Korean hackers who laundered the money using over 11,000 wallets.
By Bhushan Akolkar
Edited by Julia Sakovich
Updated
2 mins read
As per blockchain analytics firm Elliptic, Bybit crypto exchange hack, one of the biggest thefts in the crypto industry with $1.4 billion in stolen funds, has links to North Korean hackers who laundered the money using more than 11,000 wallets.
Four days after the hack on Tuesday, February 25, Bybit co-founder and CEO Ben Zhou announced a “war” against the Lazarus Group, the state-sponsored notorious hacking group of North Korea. In its effort to recover stolen assets, Bybit launched a blacklist wallet API and announced a bounty for tracking the funds.
On the other hand, blockchain analytics firm Elliptic unveiled a publicly accessible data feed containing the wallet addresses having links to North Korean hackers. This initiative aims to assist the community in avoiding exposure to sanctioned entities and curbing the laundering of stolen assets. In its investigative report, the Elliptic team said:
“Addresses associated with the Bybit exploit were identified and available to screen within just 30 minutes of the announcement, protecting customers without the need for them to conduct repetitive manual checks.”
Elliptic’s intelligence API has identified 11,084 crypto wallet addresses potentially linked to the Bybit exploit. The number is likely to increase as investigations continue.
Thx to the @elliptic team for putting up a real time bybit exploit data, really appreciate the effort and work put into helping us. https://t.co/bmFZJ0Hn3y
— Ben Zhou (@benbybit) February 26, 2025
Crypto exchange Bybit has enlisted Web3 security firm ZeroShadow to conduct blockchain forensics following the recent exploit that compromised the platform. ZeroShadow will have the responsibility to trace and freeze stolen funds to maximize their recovery.
As per the blockchain analytics firm Chainalysis, the exploit started with a phishing campaign targeting cold wallet signers on crypto exchange Bybit. The attackers intercepted a routine transfer from Bybit’s Ethereum cold wallet to a hot wallet. Portions of the stolen Ether ETH $1 803 24h volatility: 1.6% Market cap: $217.55 B Vol. 24h: $14.56 B were later converted into Bitcoin BTC $81 943 24h volatility: 1.4% Market cap: $1.63 T Vol. 24h: $20.47 B , Dai DAI $1.00 24h volatility: 0.0% Market cap: $3.29 B Vol. 24h: $131.62 M , and other cryptocurrencies, which were then moved across different networks to obscure their trail.
Crypto exchange Bybit effectively maintained the platform stability despite the significant breach, while keeping withdrawals open. The exchange secured external liquidity through loans to continue operations uninterrupted. On February 25, Bybit began repaying these loans, including a transfer of 40,000 ETH back to Bidget.
Bybit’s proactive measures come alongside its recent registration with Indian authorities, allowing the platform to restore services in the country.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Bhushan is a FinTech enthusiast and holds a good flair in understanding financial markets. His interest in economics and finance draw his attention towards the new emerging Blockchain Technology and Cryptocurrency markets. He is continuously in a learning process and keeps himself motivated by sharing his acquired knowledge. In free time he reads thriller fictions novels and sometimes explore his culinary skills.
