Bybit Hack Update: Lazarus Group Consolidates Stolen Bybit Funds Into Phemex Hacker Wallet, Onchain Evidence Shows

Blockchain analysts link North Korea’s Lazarus Group to both the $1.4 billion Bybit hack and the $29 million Phemex hack, revealing direct onchain connections between the two incidents.Lazarus Group Suspected Behind Bybit and Phemex HacksNew onchain evidence uncovered by ZachXBT and Arkham Intelligence has directly linked the Lazarus Group, a North Korean cybercrime syndicate, to both the Bybit and Phemex hacks. The Feb. 21 Bybit hack—now the largest crypto theft in history—saw over $1.4 billion in digital assets stolen, including stETH, mETH, and other ERC-20 tokens.Onchain data reveals that funds stolen from both the Bybit and Phemex breaches have been commingled into the same wallet, indicating that the same hacker group was behind both attacks.How the Attacks Were Carried OutThe Bybit hack was executed through a deceptive transaction, tricking Ethereum multisig cold wallet signers into unknowingly approving a malicious smart contract logic change. This allowed attackers to take control of the cold wallet and transfer funds to an unknown address.The Phemex hack in January involved 125 individual transactions across 11 blockchain networks, with attackers draining $29 million before converting the funds into Ethereum (ETH) via Tornado Cash, a well-known crypto mixer used to obscure transactions.Lazarus Group's Ongoing Crypto ExploitsThe Lazarus Group has been responsible for some of the biggest crypto heists in history, including:$600M Ronin Network hack$305M DMM Bitcoin hack$230M WazirX hack$50M Upbit hack$50M Radiant Capital hack$16M Rain Management hackAccording to Chainalysis, North Korean hackers have stolen $1.34 billion across 47 incidents in 2024 alone, a 102% increase from 2023, making up 61% of all crypto stolen this year.Governments Warn of Growing North Korean Cyber ThreatThe United States, Japan, and South Korea issued a joint statement in January 2024, warning that North Korea’s hacking operations are a growing threat to global financial security. South Korea has since sanctioned 15 North Koreans accused of using stolen cryptocurrency to fund nuclear weapons development.Crypto Industry Faces Unprecedented Security ChallengeThe Bybit hack alone accounts for over half of all stolen crypto in 2024, highlighting the urgent need for stronger exchange security measures. With North Korean state-backed hackers refining their tactics, the industry must bolster cybersecurity defenses to mitigate future risks, according to Cointelegraph.