Bybit hit by $1.46 billion hack

We still did this as a joke; a few hours later we really looked like this, when Bybit was robbed of $1.46 billion. Source: NFA Podcast Episode 4

But first, perhaps the biggest financial heist in history except for the Dutch government's indiscriminate adjustment of VAT rates: crypto exchange Bybit was robbed of $1.46 billion worth of Ethereum, and it seems the perpetrators, the infamous Lazarus Group, are from North Korea.

At least, that's what blockchain analysis company Arkham Intelligence says based on data provided by blockchain researcher ZachXBT. The attack immediately led to a sharp drop in crypto prices, but after adequate crisis communications from Bybit, the market quickly recovered. Over the week, Bitcoin fell only 1%, and billions are flowing into crypto-ETFs from institutional investors. For example, Mubadala, an Abu Dhabi sovereign wealth fund, announced a $436 million investment in the BlackRock Bitcoin ETF.

The attack on Bybit was carried out through a technique called "Blind Signing," in which transactions were approved by Bybit employees without full knowledge of the content. This is the best explanation I could find on X of the method used, and this is an excellent video that explains it all. At its core, it boils down to the need for several Bybit employees to approve such transactions through so-called multisig wallets, which at first led to the suspicion that the thieves had simply changed the receiving address or amount.

Taking over entire vault

This would be similar to how Pathé executives in the Netherlands transferred nineteen million Euros to an unknown account number a few years ago, thinking it was an account of the parent company. However, the North Koreans' method was even more sophisticated: according to Bybit chief Ben Zhou, the hackers had managed to change the message approved by Bybit employees into an upgrade of the entire vault (safe smart contract logic), taking control of the entire vault, including all assets.

For those of you who remember Lucky Luke and the Dalton brothers, it brings to mind the moment when the brothers tried to stop holding bank employees at gunpoint or blowing up the safe with dynamite, and "just" lift the safe out of the bank. Unfortunately, the North Koreans were a lot more savvy than the Daltons.
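As an added illustration (not code from Bybit, Safe or the sources mentioned here), this is the kind of independent check that counters blind signing: decode the fields a signer is about to approve and compare them with the transfer that was intended. It assumes Safe-style transaction fields (`to`, `value`, `data`, `operation`); the `intent` structure, the function names and all sample addresses are constructed for the example.

```python
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)
OP_CALL, OP_DELEGATECALL = 0, 1                # Safe's Enum.Operation values

def decode_erc20_transfer(data: bytes):
    """Return (recipient, amount) if data is exactly one transfer() call, else None."""
    # 4-byte selector + two 32-byte words; an address is left-padded with 12 zero bytes
    if len(data) != 68 or data[:4] != TRANSFER_SELECTOR or any(data[4:16]):
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def review_safe_tx(tx: dict, intent: dict) -> list:
    """List every mismatch between the fields to be signed and the signer's intent.

    intent (hypothetical shape): {"token": address or None for ETH, "recipient", "amount"}
    """
    findings = []
    data = bytes.fromhex(tx["data"].removeprefix("0x"))
    to = tx["to"].lower()
    if tx["operation"] != OP_CALL:
        findings.append("operation is not a plain call (delegatecall requested)")
    if intent["token"] is None:  # native ETH transfer: no calldata expected
        if to != intent["recipient"].lower():
            findings.append("recipient differs from intent")
        if tx["value"] != intent["amount"]:
            findings.append("amount differs from intent")
        if data:
            findings.append("unexpected calldata on a plain ETH transfer")
        return findings
    if to != intent["token"].lower():
        findings.append("target contract is not the intended token")
    if tx["value"] != 0:
        findings.append("ETH value attached to a token transfer")
    decoded = decode_erc20_transfer(data)
    if decoded is None:
        findings.append("calldata is not an ERC-20 transfer")
    else:
        if decoded[0] != intent["recipient"].lower():
            findings.append("recipient differs from intent")
        if decoded[1] != intent["amount"]:
            findings.append("amount differs from intent")
    return findings

# Constructed sample values (not taken from the incident).
TOKEN, DEST = "0x" + "11" * 20, "0x" + "22" * 20
INTENT = {"token": TOKEN, "recipient": DEST, "amount": 5000}
GOOD_TX = {"to": TOKEN, "value": 0, "operation": OP_CALL,
           "data": "a9059cbb" + DEST[2:].rjust(64, "0") + hex(5000)[2:].rjust(64, "0")}
BAD_TX = {"to": "0x" + "33" * 20, "value": 0, "operation": OP_DELEGATECALL,
          "data": "deadbeef" + "00" * 64}

if __name__ == "__main__":
    print(review_safe_tx(GOOD_TX, INTENT))
    print(review_safe_tx(BAD_TX, INTENT))
```

An empty list means the fields match the intent; any finding is a reason not to sign until the transaction has been decoded on a second, independent device.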

Centralization remains a systemic risk

The attack on Bybit once again raises questions about the security of crypto exchanges and the risks associated with holding large amounts of assets on centralized platforms. Industry experts stress that advanced hacking methods, as used by the Lazarus Group, are an ongoing threat affecting the entire crypto industry.

As a result, reactions, even from competitors, were moderate to even supportive. Former Binance CEO CZ had a nuanced analysis to which Zhou in turn responded well. Bybit says losses will be covered by their insurance fund and that the cold wallet attack will not lead to further liquidity problems. The prompt and forthright communication from Bybit and especially CEO Ben Zhou was widely praised, although it was a flex to prove with his Whoop score that he remained extremely calm during the incident and subsequent sleepless night.