The hack is the largest cryptocurrency heist in history. Bybit is working with industry experts such as Chainalysis to trace the stolen assets and is investigating the theft.
The company also launched a recovery compensation program that will compensate individuals who help recover assets with up to 10% of the amount recovered. Chainalysis has explained how the vulnerability occurred and what the attackers used to
The company announced how the tactics, techniques, and procedures (TTPs) used by the attackers are linked to North Korea, and that Chainalysis is working with Bybit and law enforcement to help recover the funds.
The Bybit hack illustrates the evolving tactics used by nation-state cybercriminals. In particular, it is unclear how North Korean-linked hackers are using these techniques.
Recently, according to the 2025 Virtual Asset Crime Report published by Chainalysis, North Korean-affiliated hackers were responsible for approximately 20 hacks in 2023.
In 2020, $660.5 million (approximately 98.8 billion yen) was stolen, and in 2024, $1.34 billion (approximately 200.4 billion yen) was stolen in 47 hacks, more than doubling the amount stolen in one year (1
The Bybit hacking incident is estimated to have increased by approximately $160 million (approximately 2.02%) from the total amount stolen by North Korean hackers in the entire year of 2024 in a single hack.
The attack is a good example of a hacking technique often used by North Korea. Hackers use social engineering attacks to get close to their targets and then use complex money laundering techniques to hide the stolen funds. In fact, the funds stolen in this Bybit incident were added to the same addresses as funds from other North Korea-related hacks.
This further proves that this incident was a nation-state-sponsored act. Below is a step-by-step analysis of how the Bybit hacking incident took place.
1. Initial intrusion via social engineering techniques: Hackers used phishing attacks to trick cold wallet signers. By manipulating the user interface, the attackers tricked signers into signing transactions that replaced a secure multi-signature wallet contract with a malicious one.
2. During a routine transfer of Ethereum from Bybit’s cold wallet to its hot wallet, the attackers stole 401,000 ETH, worth approximately $1.5 billion at the time.
3. Dispersal of assets through intermediary wallets: The stolen assets were transferred through a complex network of intermediary addresses. This is a common technique to hide the path of funds and make them harder for blockchain analysts to track.
4. Token swaps and money laundering: The hackers exchanged most of the stolen ETH for other tokens such as BTC and DAI, and moved the assets across multiple networks using DEXs, cross-chain bridges, and instant swap services with no KYC procedures.
5. Fund idling and strategic money laundering: Most of the stolen funds were left sitting in multiple addresses. This is a strategy these hackers often use after a high-risk incident: rather than laundering the money immediately, they leave the funds idle until scrutiny eases, with the intention of avoiding being tracked.
The Chainalysis Reactor graph shows the complex money laundering process to date. The graph shows the intermediary addresses, token exchanges, and cryptocurrency laundering.
This illustrates the attempt to conceal stolen funds through a complex network of cross-chain transfers, as well as the ripple effects this incident will have across the crypto-asset ecosystem.
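As an added illustration of the tracing work described in steps 3 to 5 and in the graph above (this code is not from the original article and is not Chainalysis tooling), the following Python follows a constructed ledger forward from a theft address through intermediary hops and a token swap, and reports which downstream addresses still hold funds that have sat idle. All addresses, amounts and block times are made up.

```python
from collections import defaultdict, deque
# Constructed sample ledger (not real Bybit data): (sender, receiver, asset, amount, block_time)
TRANSFERS = [
    ("theft", "mid1", "ETH", 60.0, 100),
    ("theft", "mid2", "ETH", 40.0, 100),
    ("mid1", "mid3", "ETH", 60.0, 110),
    ("mid2", "mid5", "ETH", 40.0, 115),
    ("mid3", "dex", "ETH", 30.0, 120),   # token swap: ETH into a DEX ...
    ("dex", "mid4", "DAI", 30.0, 120),   # ... DAI out to a fresh address
    ("mid5", "mid6", "ETH", 40.0, 190),  # recent hop, so not yet idle
]
SERVICES = {"dex"}  # counterparties we trace through but do not report as holders

def trace_forward(transfers, origin, max_hops=8):
    """BFS along outgoing transfers; returns {address: hop distance from origin}."""
    outgoing = defaultdict(list)
    for sender, receiver, *_ in transfers:
        outgoing[sender].append(receiver)
    hops, queue = {origin: 0}, deque([origin])
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for nxt in outgoing[addr]:
            if nxt not in hops:
                hops[nxt] = hops[addr] + 1
                queue.append(nxt)
    return hops

def net_positions(transfers, addresses):
    """Net balance per (address, asset) and last activity time, for the given addresses."""
    balance, last_seen = defaultdict(float), {}
    for sender, receiver, asset, amount, t in transfers:
        for addr, sign in ((receiver, +1), (sender, -1)):
            if addr in addresses:
                balance[(addr, asset)] += sign * amount
                last_seen[addr] = max(last_seen.get(addr, t), t)
    return balance, last_seen

def idle_holdings(transfers, origin, now, min_idle):
    """Downstream addresses still holding traced funds untouched for at least min_idle."""
    hops = trace_forward(transfers, origin)
    balance, last_seen = net_positions(transfers, set(hops))
    return sorted((addr, asset, round(amt, 8), hops[addr])
                  for (addr, asset), amt in balance.items()
                  if amt > 1e-9 and addr != origin and addr not in SERVICES
                  and now - last_seen[addr] >= min_idle)

if __name__ == "__main__":
    print(idle_holdings(TRANSFERS, "theft", now=200, min_idle=50))
```

Lowering `min_idle` pulls recently active hops such as `mid6` into the report, which is the difference between "funds still moving" and "funds parked while scrutiny eases".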
Despite the severity of the Bybit attack, the inherent transparency of the blockchain poses a significant barrier to bad actors attempting to launder stolen funds.
All transactions are recorded on a public ledger, allowing authorities and cybersecurity companies to track and monitor illegal activities in real time.
Chainalysis has also recently acquired Hexagate and Alterya to further strengthen its security and fraud detection capabilities, enabling it to better address more advanced threats.
Cooperation across the crypto asset ecosystem is essential to addressing the threat. Bybit’s promise to compensate customers for their losses and its close collaboration with blockchain forensics experts demonstrate the importance the industry places on mutual support and resilience. With all these experts coming together, the crypto community can better defend against sophisticated cyber attacks.
Chainalysis is a global leader in financial services, with a global team of experts, customers, and partners in the public and private sectors.
We are working with multiple parties to support various asset seizure and recovery routes in response to this attack. We have already worked with multiple parties to recover the $40 million (approximately $50 million) stolen from Bybit.
"We have contributed to freezing over 7 billion won ($70 billion) in funds and will continue to work with public and private sector institutions to seize as many assets as possible," the company said.
2025/02/25 16:49 KST
Copyright(C) BlockchainToday wowkorea.jp