On-chain investigator ZachXBT has identified North Korea’s Lazarus Group as the team behind the billion-dollar Bybit hack, winning a 50k ARKM bounty for solving the case.
The breakthrough came when ZachXBT submitted conclusive evidence linking the attack to the hacking group at 19:09 UTC.
BREAKING: BYBIT $1 BILLION HACK BOUNTY SOLVED BY ZACHXBT
— Arkham (@arkham) February 21, 2025
At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP.
His submission included a detailed analysis of test transactions and connected wallets used ahead of… https://t.co/O43qD2CM2U pic.twitter.com/jtQPtXl0C5
The investigation shared the hackers exploited Bybit’s Ethereum multisig cold wallet during a routine transfer to the exchange’s warm wallet.
The attackers manipulated the signing interface, making it display the correct wallet address while altering the underlying smart contract logic.
Bybit CEO Ben Zhao confirmed the security breach resulted in losses exceeding $1.5 billion in cryptocurrency assets.
Despite the magnitude of the theft, Zhao assured users that all client withdrawals would be processed, even those under review.
