Bybit Hack: Lazarus Group Steals $1.4B in Crypto – Recovery Efforts Underway

North Korean hacker group Lazarus stole $1.4 billion from crypto exchange Bybit. This massive breach has sent shockwaves through the crypto industry, reigniting concerns about security and the risks of centralized exchanges.

Bybit’s Counterattack: Tracking and Recovery Efforts

Bybit is not taking this attack lightly. With the support of top blockchain security firms and crypto organizations, the exchange is working tirelessly to recover the stolen funds. Bybit CEO Ben Zhou recently revealed that 88.87% of the stolen assets remain traceable, marking a significant improvement from earlier estimates of 77%.

Key Updates:

  • 3.54% of the stolen assets have been frozen
  • 7.59% have been lost, making them more challenging to recover

How Did Lazarus Pull It Off?

Cybersecurity firm Arkham Intelligence offered a bounty to identify those responsible, and well-known crypto investigator ZachXBT quickly cracked the case. Within ten days, the stolen funds had been moved through THORChain, a decentralized cross-chain protocol.

To cover their tracks, the hackers used multiple crypto mixing services, including Wasabi, CryptoMixer, Railgun, and Tornado Cash. These tools obscure transaction histories, making it significantly harder to trace stolen assets.

A Global Team Effort

Bybit is rallying support from at least 12 organizations, including Mantle, Paraswap, and independent blockchain sleuths like ZachXBT. In a bid to speed up recovery efforts, Bybit has launched a bounty program, offering a 10% reward for any funds successfully retrieved. So far, the company has already paid out $2.2 million in bounties.

Previous Crypto Recovery Success Stories

While crypto hacks are devastating, some stolen assets have been successfully recovered:

  • Jump Crypto retrieved $140 million from the 2023 Wormhole hack.
  • In early 2024, $2.6 million was reclaimed from a Lazarus-led attack on Deribit and a digital casino, with help from U.S. authorities.

The Broader Threat: Lazarus Group and North Korea’s Military Funding

Lazarus Group isn’t just any hacking syndicate—it is a state-sponsored operation. A United Nations report revealed that 40% of Lazarus’ stolen funds are funneled into North Korea’s weapons of mass destruction program. Recognizing the grave threat, the FBI issued a warning last year about Lazarus’ increasing attacks on blockchain firms.

The Bybit hack underscores the persistent security vulnerabilities in the crypto space. While blockchain analytics and coordinated recovery efforts have helped track the stolen funds, the use of advanced laundering techniques like cross-chain swaps and mixers presents a significant challenge.

Beyond financial losses, this attack raises critical questions about the geopolitical implications of cybercrime in the blockchain industry. As efforts to reclaim the stolen billions continue, the crypto community remains on high alert.

Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.