Bybit Hackers Uncovered: $1.4B Ethereum Theft Linked to Lazarus Group

**ZachXBT Connects $1.4 Billion Bybit Hack to North Korea’s Lazarus Group; Bybit Reassures Users of Fund Security**

In a significant development regarding the $1.4 billion hack of the Bybit crypto exchange, blockchain investigator ZachXBT has established a connection to North Korea’s notorious Lazarus Group. Bybit has reassured its users that all funds are securely backed 1:1 and that their operations continue without disruption.

The breach, which occurred on February 21st, marks the largest hack in cryptocurrency history. According to Arkham Intelligence, a blockchain intelligence firm, ZachXBT provided critical insights linking the attack to the Lazarus Group. His comprehensive forensic analysis included details on transactions, associated wallets, and on-chain activities leading up to the incident. The Bybit team is actively collaborating with blockchain security experts to recover the stolen assets.

In a breaking update, ZachXBT presented conclusive evidence at 19:09 UTC today, confirming that the attack on Bybit was executed by the Lazarus Group. His findings featured an in-depth examination of test transactions and the wallets involved prior to the breach.

The attack exploited human error rather than any flaws in Bybit’s code. Initial investigations revealed the complexity of the breach, in which attackers manipulated the signing interface of Bybit’s Ethereum cold wallet so that it presented legitimate transaction details while the underlying smart contract logic was altered. Unauthorized activity was detected when the ETH multisig cold wallet attempted a transfer to a warm wallet, a transfer that was compromised through a sophisticated method that concealed the signing process.

This deception was executed without triggering any internal alarms. The Lazarus Group did not breach Bybit’s code but instead exploited human vulnerabilities. They targeted multi-signature signers, took control of their devices using malware, and manipulated transaction approvals without raising any red flags. This incident has raised concerns within the crypto community regarding the effectiveness of multi-signature security measures.

Despite the gravity of the situation, Bybit has assured its users that their funds are safe and fully backed. The exchange continues to allow withdrawals and operates as usual. Bybit’s CEO emphasized that even in a worst-case scenario, the exchange is well-prepared to handle a potential bank run, stating, “Bybit is solvent even if this hack loss is not recovered. All client assets are 1-to-1 backed, and we can cover the loss.” Their founder further reassured clients, saying, “We have enough tokens to give to the clients.”

The crypto community has responded swiftly to the Bybit hack, reflecting on the implications for security practices across the industry.
