Deep diving by penetration bybit

On Friday, February 21, 2025, ETHEREUM was stolen approximately $ 1.5 billion in BYBIT, which is a Dubai -based encryption. The BYBIT penetration represents the largest penetration of encryption in all ages, and exceeds more than 600 million dollars stolen from Poly Network in 2021. It also represents the largest theft of any kind in the world, with the record that Saddam Hussein had previously said, which was said to have stolen about one billion dollars from the Central Bank of Iraq on the edge of Araqi Freedom (OIF) in March 2003.

Details of penetration

According to February 21, 2025 mail By BIYBT, the stock exchange stated that it had discovered an suspicious activity related to one of its cold governor (ETHEUM). The accident included the implementation of a deal from a cold wallet to a warm portfolio. As a result, the infiltrator withdraw the funds from the cold wallet to an unidentified address.

The stock exchange said that his security team was working with Blockchain forensic experts to investigate the accident. They also called on any experts and teams that could help track assets. Bybit stated that all other cold governor was safe, and customer boxes were safe.

For this attack, the social engineering approach was used with the replacement of transactions. As a result, when the employee was sending money, they did not realize that the treatment would have gone to another portfolio address.

Lazaros group connection

Blockchain analysis company I mentioned The Lazaros Group is likely to implement the country -based piracy group in North Korea. Since 2017, North Korea’s infiltrators have stolen more than $ 6 billion from Crypto, with revenues that are said to go to the country’s ballistic missile test program. The group not only penetrates and steals encryption assets, but also has complex money laundering mechanisms.

Some indicators that the Lazaros group includes the stealing ethereum. The group usually steals the distinctive symbols of the original Blockchains because other types of symbols often have a safety mechanism that allows the freezing of money in stolen portfolios. During the attack, hundreds of millions of dollars were transferred from Steth and Cmeth to the ether. The group used many decentralized stock exchanges because central exchanges are likely to be locked.

The second step they use is the layers, where the money is sent to thousands of portfolios, the transfer of money to other exchanges through the bridges of the cross chain, and the switch between the encryption assets, using mixers and other technologies. Within two hours of theft, the money was divided into 50 titles of the wallet, with each wallet carrying about 10,000 ETH.

How was the reaction of exchanges

Within hours of penetration, money was transferred to decentralized exchanges, cross bridges, and central exchanges.

According to the elliptical report, infiltrators prefer XXCH, as it is known that users are allowed to switch digital assets in an unknown way. As of Monday, February 24, 2025, more than $ 75 million of money was washed through Exch, with the platform refusing to help with the money recovery.

To date, most of the other prevailing exchanges work with Bybit to ensure that if the money falls into its system, it will be frozen immediately. Even decentralized exchanges work with bybit. For example, Chainflip exchange Declare It has upgraded the code to prevent all money from hacking. Chainflip decided to upgrade its symbol after discovering a portion of the stolen money that is exchanged for USDC via its platform.

BYBIT is 10 % bonus to recover money. However, there is little hope to recover this money. The notorious Lazaros group is not to return the money as soon as it is controlled. For example, after the theft of $ 600 of Axie Infinity, the authorities were only able to recover 30 million dollars.

Bybit recovers from the attack

After the attack, the CEO of BYBIT Bin Chu to publish On X they completely recovered from the attack. The CEO stated that the stock exchange has completely renewed its wonderful wallets after receiving about 447,000 in emergency financing from companies such as Falconx, Galaxy Digital and Wintermute. According to the audit a report By Hackeen, bybit managed to completely restore reserves, and all the main assets exceeded 100 % guarantee.

antiquities

One of the positive results of the Bybit attack was that there was no bank on the stock exchange. Partially due to the fact that bybit is a major exchange, which is famous for the strong security system, and the response to customer issues. However, there are still some intermittent clouds by cautious encryption investors.

Initially, social media users were quick to attack bybit, accused of neglect, especially because there is no standard monitoring of the series and the blind signature of transactions.

However, this initial evaluation was not fair because bybit is not the process of the basement; It is one of the largest encryption exchange in the world. As such, this indicates a wider problem in the encryption sector, as attackers look at its main goal to achieve quick gains. Besides the fact that infiltrators are supported by the state, it makes it difficult to deal with such attacks.

The attack sheds light on the need for better security systems in the exchange of encryption, especially with regard to how to store encryption assets.

In addition to technical problems, there are also a large number of legal questions. How does the stolen money move freely between exchanges, protocols and portfolios?