The crypto exchange platform Bybit is offering a reward of $140 million to any individual or organisation who can help trace and freeze $1.4 billion worth of cryptocurrency stolen from its coffers. This follows the recent hack of the platform, believed to be the largest crypto hack in history, which resulted in the loss.
Bybit’s CEO and Co-founder Ben Zhou explained that every moment an individual traces and freezes some of the stolen funds, 5 per cent would be awarded to the person who found them and another 5 per cent to the “entity” that froze the funds.
The Bybit CEO also published the preliminary results of the forensic investigation into the hack. The check was led by two companies, Sygnia Labs and Verichains. Sygnia concluded that the “root cause” of the attack was malicious code coming from the infrastructure of SafeWallet, a crypto wallet platform.
Verichains said a benign JavaScript file was replaced with a malicious version “specifically targeting Ethereum Multisig Cold Wallet of Bybit.” However, both investigating security companies concluded that hackers breached a developer’s device at SafeWallet, as Bybit noted while relating the breach.
Bybit also announced on Monday that it has recovered from its $1.46 billion loss through loans, whale deposits, and Ethereum (ETH) purchases.
Explicitly, Bybit received 157,660 ETH ($437.8 million) from one address presumed to be through over-the-counter buying. Another address, possibly through the same medium, sent 22,609 ETH ($61.9 million).
Cryptocurrency worth over $127 million in ETH was provided as loans by whales and institutions, with MEXC contributing 12,653 stETH ($33.9 million) and crypto exchange Bitget providing 40,000 ETH ($106 million).
Also rising to Bybit’s loss situation is an unknown entity that transferred 20,000 ETH ($53.7 million). Mirana Ventures sent 10,000 ETH ($28 million), and another address, possibly linked to Fenbushi Capital, sent the same amount. The development also pushed the ETH price to recover 6 per cent from the previous week’s drop.
Read More: Bybit recovers from $1.4 billion worth of crypto losses to hackers.
Bybit hack and war against Lazarus Group
A series of security researchers, crypto security and monitoring firms believe the hackers behind the massive Bybit are related to the North Korean government, and most notably, the Lazarus Group.
Lazarus Group is a tagged name in cybersecurity industries assigned to a broad group of North Korean-backed hackers focused largely on cryptocurrency thefts.
On an X post, Zhou had declared war against the Group with a mention of the bounty website. He described the address as the industry’s first bounty site that shows aggregated full transparency on the sanctioned Lazarus money laundering activities.
“We have assigned a team to maintain and update this website, we will not stop until Lazarus or bad actors in the industry are eliminated. In the future we will open it up to other victims of Lazarus as well,” Zhou wrote.
Over the years, the group has become notorious and effective at targeting crypto exchanges and web3 companies, stealing $650 million in crypto in 2024 alone, according to the governments of the United States, Japan, and South Korea.
Last month, the trio nation released a joint statement claiming that North Korean-backed hackers have stolen about $659 million through multiple cryptocurrency heists in 2024. It also accused the country of deploying information technology workers as spies in several blockchain companies.
They claimed that North Korea was behind the July 2024 $235 million hack of WazirX, India’s largest cryptocurrency exchange. Other major attacks included a $308 million theft from Japan’s DMM Bitcoin, $50 million each from Upbit and Radiant Capital, and $16.13 million from Rain Management.
They raised the alarm that Lazarus Group conducted social engineering attacks and deployed cryptocurrency-stealing malware like TraderTraitor to breach several exchanges. It added that Asian countries are infiltrating companies by having North Korean IT workers pose as job candidates.
Backing the claims, data from Chainalysis reported by Technext showed that North Korean hackers were responsible for 61% of all cryptocurrencies stolen in 2024, totalling $1.34 billion.
In 2023, they stole around $660.5 million through 20 incidents while this amount increased to $1.34 billion across 47 cases in 2024, marking a whopping 102.88 per cent surge in stolen value. This means that North Korea accounts for 61 per cent of the total stolen crypto for the year and 20 per cent of all incidents.
The report suggested that the hackers have strong backing from the North Korean governments as these attackers often channel stolen funds into state-sponsored projects, including weapons of mass destruction and missile programs by avoiding global sanctions.
Despite the YoY drop in the total number of incidents across all scales, the statistics of North Korea’s cryptocurrency attacks continue to grow. Mostly in 2024, there was a noticeable dominance in large-scale attacks involving $50 to $100 million and amounts exceeding $100 million.
On security measures, the report urged cryptocurrency companies to examine prospective employees more rigorously, ensure periodic training of their teams, and improve private key hygiene to safeguard their assets. Other mentioned initiatives are data-sharing initiatives, advanced tracing tools, and targeted training.
Technext Newsletter
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!
