North Korea’s Lazarus Group Linked to Bybit Hack: ZachXBT Solves Case
On-chain investigator ZachXBT has exposed North Korea’s Lazarus Group as the masterminds behind the massive Bybit hack. This revelation earned ZachXBT a 50k ARKM bounty. The evidence was submitted at 19:09 UTC, conclusively linking the attack to the notorious hacking group.
The hackers targeted Bybit’s Ethereum (ETH) multisig cold wallet during a routine transfer. They manipulated the signing interface so that it showed the correct wallet address while the underlying smart contract logic was altered. Bybit CEO Ben Zhou confirmed losses exceeding $1.5 billion in crypto assets. Despite this, Zhou assured users that all withdrawals would be processed.
ZachXBT also uncovered connections between the Bybit and Phemex hacks. The attackers commingled funds from both incidents through the same initial theft addresses, a tactic typical of the Lazarus Group. The overlap address is 0x33d057af74779925c4b2e720a820387cb89f8f65.
The bounty submission included detailed analyses of test transactions, wallet tracking, and timing. Arkham shared this evidence with Bybit to aid their examination. The incident began when Bybit detected unauthorized transfers from their ETH cold wallet, prompting an immediate investigation with blockchain forensics experts.
Bybit called for assistance from blockchain analytics teams for fund recovery. This hack is one of the largest in crypto exchange history. Other exchanges helped Bybit keep withdrawals open for users.
