Bybit confirmed that attackers have compromised an $ETH cold wallet of the exchange. In total, approximately 401,346 ETH worth around $1.4 billion were stolen.
The hackers apparently implemented a malicious smart contract in Bybit's system on February 19 and then manipulated the multi-signature function of the affected cold wallet. This apparently allowed them to authorize transactions that should not have been approved. Bybit explained that the attack deceived the signature interface - the correct destination address was displayed, but the underlying smart contract logic was changed. This is how the attackers ultimately gained control of the wallet.
Immediately after the theft, the hackers began exchanging large portions of the loot for other cryptocurrencies via decentralized exchanges (DEX) and distributing them to numerous wallet addresses to make tracking more difficult.
Bybit CEO Ben Zhou explained that Bybit had sufficient reserves to cover the loss 1:1 without jeopardizing customer funds. Meanwhile, withdrawals and trading on the platform continued as normal.
In fact, on-chain investigations now point to the North Korean Lazarus Group, which is known to carry out crypto hacks on behalf of the state.
What more can be said except:
Not your keys, not your coins!
Perhaps the "decentralized" team of the "decentralized" Ethereum Foundation will roll back the "decentralized" blockchain of the "decentralized" network to undo the hack 🤪
