Bybit vows to take action against Lazarus crew to recover $1.5B in stolen funds
Cryptocurrency exchange Bybit has taken a bold step to combat cyber-crime and recover $1.5 billion in Ethereum allegedly stolen by North Korea’s Lazarus crime ring. The exchange has initiated a bounty program offering up to $140 million in rewards for the return of the pilfered funds. Bybit’s CEO, Ben Zhou, asserts that Lazarus orchestrated the heist, marking it as a record for the North Koreans.
The program lazarusbounty.com has already paid out more than $4 million in rewards to individuals who assisted in the recovery efforts. Zhou stated, “We will not stop until Lazarus or bad actors in the industry are eliminated,” indicating a relentless pursuit of justice. The initiative aims to incentivize the community to identify and report blockchain transactions related to the theft, offering a five percent reward upon successful recovery.
Zhou further announced plans to establish a “HackBounty platform” to engage the entire industry in combating cyber threats and apprehending criminals profiting from illicit activities. He expressed enthusiasm for the collaboration among industry players in fortifying cybersecurity defenses. Bybit remains operational and secure, with customer accounts unaffected and sufficient liquidity to cover transactions in the aftermath of the theft.
The exchange’s troubles commenced on February 21 when funds scheduled for transfer from an offline Ethereum cold wallet to an online hot wallet were diverted, resulting in the misallocation of over 400,000 ETH and stETH valued at $1.5 billion. A forensic analysis by Sygnia Labs and Verichains implicated a sophisticated attack that modified the JavaScript code of SafeWallet, a tool utilized by Bybit, to reroute the Ethereum to a North Korean entity.
The compromise likely occurred through tampering with an AWS S3 or CloudFront account linked to SafeWallet’s software hosting. SafeWallet acknowledged the breach, attributing it to a compromised developer machine, which facilitated the modification of transaction details. While no vulnerabilities were detected in SafeWallet’s smart contracts or frontend code, the incident prompted cautionary measures to avert future attacks.
The collaboration between Bybit and industry partners exemplifies a united front against cyber threats and malicious actors seeking to exploit vulnerabilities. By offering substantial rewards and fostering a collective response to cybersecurity challenges, the initiative signals a transformative shift in the industry’s approach to safeguarding digital assets. As the pursuit of justice continues, stakeholders remain vigilant in fortifying defenses and thwarting cyber-criminals’ nefarious schemes.
