Bybit Attackers Have Just Been Identified & It Is Not Good

On Friday, Bybit was hit with one of the biggest scams in the industry, where hackers managed to siphon $1.4 billion in crypto assets. This immediately sent shivers across the ecosystem. Many experts commented on the activity, along with Bybit CEO assuring that the users need not worry about it as the company has got it covered. You can read about the breach here.  

The most interesting part of the incident was how Arkham Intelligence responded to the event. The firm took to social media and said, “We’ve created and funded a bounty to help identify the person or organization behind today’s [over] $1 billion Bybit hack… Submissions to this bounty will be shared with the Bybit team to support their investigation. Reward: 50,000 ARKM.” 

BREAKING: BYBIT $1 BILLION HACK BOUNTY SOLVED BY ZACHXBT

At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP.

His submission included a detailed analysis of test transactions and connected wallets used ahead of… https://t.co/O43qD2CM2U pic.twitter.com/jtQPtXl0C5

— Arkham (@arkham) February 21, 2025

Immediately, people went to work, and one independent on-chain investigator named ZachXBT might be winning this bounty. Sources suggest that Zach has found that a North Korean group called the Lazarus Group was the team behind this break-in. As a result, he will win the 50,000 ARKM tokens promised by Arkham Intelligence.  

Down the Rabbit Hole 

Zach’s investigation revealed that the group had not just hit Bybit but had also attacked another chain named Phemex a few days back. Not only that, but hackers pooled their assets from both thefts through the same initial theft address. This is a known pattern that Lazarus Group follows, linking multiple exchange thefts under one address.  

Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain commingling funds from the intial theft address for both incidents.

Overlap address:
0x33d057af74779925c4b2e720a820387cb89f8f65

Bybit hack txns on Feb 22, 2025:… pic.twitter.com/dh2oHUBCvW

— ZachXBT (@zachxbt) February 22, 2025

The bounty submission included details of every step the group took, even the test transactions that the group conducted before the primary attack, connected wallet tracking, and timing analysis. All these details point towards the North Korean state-sponsored group. This hack is not just one of the biggest blockchain hacks but is also a big question on the security system of crypto investment funds. 

Furthermore, this theft also exposes the ugly reality of digital warfare and how crypto could be at the forefront of this warfare. Therefore, will the SEC take notice of this lapse and try to bring in enhanced security measures to counter this or do more people need to suffer?