Lazarus Group Ties Bybit and Phemex Crypto Hacks to Shared Hacker Wallet
Blockchain sleuths have uncovered a vital link between two massive cryptocurrency breaches, connecting the $1.4 billion Bybit hack and the $29 million Phemex exploit to the notorious North Korean hacker group known as the Lazarus Group. The spotlight is on a shared wallet address, 0x33d057af74779925c4b2e720a820387cb89f8f65, identified by seasoned analysts like ZachXBT. This discovery sheds light on the increasing sophistication and persistence of state-sponsored cybercrime, with North Korea being a notable player in this nefarious arena.
The Bybit hack, which stands as the largest cryptocurrency exchange theft in history, involved a cold wallet that fell victim to cleverly orchestrated deceptive transactions. Cyvers’ expert Meir Dolev uncovered that signers were tricked into approving malicious smart contract changes, paving the way for the subsequent siphoning of funds. Not resting on their laurels, the culprits then laundered these assets through mixers such as Tornado Cash and bridged the currency over to Bitcoin, epitomizing the complex trail blazed by cybercriminals.
In a statement, Bybit CEO Ben Zhou assured customers that withdrawals are back to normal, while promising to release a comprehensive incident report paired with enhanced security protocols. Meanwhile, renowned security firms Arkham Intelligence and TRM Labs have corroborated claims of Lazarus Group's involvement, aligning the incidents with their well-documented methods and historical ties to crypto thefts that bankroll North Korea's state objectives.
Overlapping wallet addresses between Bybit and Phemex underscore the seamless integration of these breaches. Notably, the Phemex exploit saw its funds laundered across a staggering 11 different blockchains, further complicating the digital maze investigators must navigate. This sophisticated tradecraft mirrors previous North Korean-linked attacks, confirming once again the enormous challenge that national and global authorities face in combating these tech-savvy digital pirates.
This situation serves as a sober reminder of the vulnerability of digital financial platforms and the expertise possessed by those malefactors affiliated with nation-state sponsored cybercrime. As the dust begins to settle from these gigantic hacks, the cryptocurrency community eagerly awaits Bybit's promised incident report, hoping it will shine a light on the details and prevent future occurrences.