ZachXBT Identifies Lazarus Group as Bybit $1.4B Hackers, Wins Arkham Bounty
Key Takeaways:
- February 2025 saw one of the largest hacks in crypto history, a $1.4 billion hack against Bybit.
- On-chain sleuth ZachXBT names North Korea’s Lazarus Group among the likely perpetrators.
- The crypto community rallies with support, security tips, and efforts to track the stolen funds.
The cryptocurrency space has just faced a significant threat, after the Bybit exchange was targeted in a $1.4 billion hack. The first reports of this issue appeared on February 21, noting unusual withdrawals of Ether (ETH) from Bybit wallets. The crypto community reacted quickly, with on-chain analyst ZachXBT attributing the theft to the notorious Lazarus Group, a North Korean hacking group.
ZachXBT Identifies Lazarus Group in Arkham Bounty Investigation
Arkham Intelligence had offered a bounty of 50,000 ARKM tokens (valued at about $31,500 at the time) for information that might lead to identifying the attackers. ZachXBT was quick to step up with detailed on-chain analysis that led to the Lazarus Group. His submission to Arkham included the following:
- Analysis of test transactions
- Wallet discovery: identification of the connected wallets
- Forensic charts
- Timing analyses
This has been reported to Bybit to assist in their investigation.
BREAKING: BYBIT $1 BILLION HACK BOUNTY SOLVED BY ZACHXBT
At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP.
His submission included a detailed analysis of test transactions and connected wallets used ahead of… https://t.co/O43qD2CM2U pic.twitter.com/jtQPtXl0C5
— Arkham (@arkham) February 21, 2025
The Scale of the Bybit Hack
The hack caused the loss of around $1.4 billion, including large amounts of Ether (ETH) and other ERC-20 tokens. Blockaid, an on-chain security platform, called it “the largest crypto exchange hack of all time.” The stolen assets included:
- About 401,347 ETH (an estimated $1.12 billion)
- 90,376 stETH (approximately $253.16 million in current valuation)
- 15,000 cmETH ($44.13 million)
- 8,000 mETH ($23 million)
Given the scale of the theft, the news spread quickly and drew varied responses from the crypto community.
Community Response: Support, Security Measures, and Calls to Avoid Panic
After the hack was announced, many prominent players in the crypto space rallied behind Bybit. Justin Sun, who founded Tron, announced on X (formerly Twitter) that his team was helping track down the stolen funds. OKX also deployed its security team to assist Bybit’s probe. KuCoin expressed solidarity with Bybit, stressing that crypto security “is a shared responsibility” and noting that collaboration between exchanges is key in the fight against cybercrime.
We have been monitoring the Bybit incident very closely and will do our best to assist our partners in tracking the relevant funds, providing all the support within our capabilities.
— H.E. Justin Sun (@justinsuntron) February 21, 2025
Calls to Stop the FUD (Fear, Uncertainty, and Doubt)
Bybit’s financial position was also one of the factors that led some community members to ask others not to spread FUD. Coinbase executive Conor Grogan pointed out that Bybit seemed to be processing withdrawals without problems even after the hack, and that it held large assets (more than $20 billion at the time) and cold wallets that had not been touched. He argued that the situation was not analogous to the collapse of FTX, saying that Bybit was well-capitalized and would not run into similar problems. Aave founder Stani Kulechov also weighed in, extending his support.
ByBit will take a haircut, most likely covered by their revenue. I would expect ByBit to survive this incident without issues.
Ethena stood up like a champ.
Aave stood up like a champ.
Big winner is Copper’s ClearLoop, PMF secured.
Biggest winner is self custody. Onwards.
— Stani.eth (@StaniKulechov) February 21, 2025
Security Advice for Crypto Users
Following the Bybit hack, a number of experts have offered users security tips to safeguard their funds. Yuga Labs’ vice president of blockchain, Quit, suggested using multi-signature wallets, using hardware wallets as the signers, and running Tenderly simulations. KuCoin also recommended that users activate two-factor authentication, maintain strong, distinctive passwords, and evaluate passkeys.
Lazarus Group: An Ongoing Threat
ZachXBT’s identification of the Lazarus Group as the prime suspect was a cause for great concern. The Lazarus Group has been linked to several other major cyberattacks, including:
- Axie Infinity Ronin Bridge ($625 million)
- Harmony Bridge ($100 million)
- Atomic Wallet ($100 million)
- Stake ($41 million)
- Alphapo Hot Wallet ($60M+)
- WazirX ($230 million)
Their methods typically involve converting stolen ERC-20 tokens into ETH, swapping ETH for BTC, and then laundering the funds through OTC networks and illicit financial channels in Asia. Those funds are said to be used to fund North Korea’s nuclear weapons and ballistic missile programs.
Bybit’s Response and Solutions in Progress
Bybit has implemented a series of measures to remedy the hack, including:
- Reporting the incident to law enforcement
- Working with blockchain forensic experts to trace the stolen funds
- Working with on-chain analytic providers to flag and “demix” the involved addresses
- Requesting other exchanges and market makers to blacklist the stolen ETH
“Our reserves are 1:1 backed, no user funds have been frozen,” Bybit CEO Ben Zhou said. He further explained that Bybit arranged a bridge loan to keep its operations steady and to ensure retail withdrawals.
Potential Impact on Ethereum
Following the Bybit hack, discussions about a potential Ethereum fork have emerged. Notably, investor Arthur Hayes suggested that if the Ethereum community were to support a rollback, it would be a possible course of action. Ethereum’s price pulled back after the hack and was temporarily down before recovering.
Working with the Industry and Organisations
While many crypto exchanges distanced themselves from the FTX collapse, Bybit has received ample support from its peers. Exchanges including Binance and Bitget have offered to help stop the stolen ETH from moving. This collaborative effort among crypto exchanges highlights a growing recognition that unity is essential in the fight against cybercrime.
The post ZachXBT Identifies Lazarus Group as Bybit $1.4B Hackers, Wins Arkham Bounty appeared first on CryptoNinjas.