Hackers, believed to be N. Korean, have stolen nearly £1.2b worth of cryptocurrencies in what is being described as the ‘biggest every theft’ of digital money.
Dubai-based platform Bybit explained that an attacker managed to take control of a ‘cold’, or offline, Ethereum wallet controlled by the company & transferred the massive set of assets to an as-yet-unidentified address.
Wallets
The firm, which says it has more than 60m users across the world, stated no other wallets were affected & that withdrawals appeared to be proceeding normally.
The company’s CEO Ben Zhou commented in a post on X: ‘Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss.’
The attack is believed to have been carried out by the Lazarus Group, a N. Korean hacking collective that has been run by Kim Jong Un‘s country since 2010.
Previous Record
The theft is believed to be the largest of its type, with the previous record coming in at £490m worth of cryptocurrency stolen from the Ronin Network in 2022.
It is unknown how the hack happened. Cold wallets are considered safer than online ‘hot’ wallets, & Bybit’s cold Ethereum wallet required several people to sign off on transfers, according to the Financial Times.
While the company is investigating the hack with the help of its security team & forensic experts, masses of people are pulling their assets from the platform.
Withdrawals
Zhou added in a later post: ‘Since the hack, Bybit has experienced the greatest number of withdrawals that we have ever seen, We have had a total number of more than 350k withdrawal requests, so far, around 2100 withdraw requests left to be processed.
‘Overall 99. 994% withdraws have been completed.
‘Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance), all Bybit functions & product remain functional, the Whole team had been awake all night to process & answer client questions & concerns. ALL hands-on DECK. rest assured; we are here with you.’
Investigating
Bybit said its security team, along with forensic experts, was investigating the incident, adding: ‘We have reported the case to the appropriate authorities.’
The firm stated: ‘All client funds are safe, & our operations continue as usual without any disruption.’
