ZachXBT identifies Lazarus Group as behind Bybit $1.4B hack, wins Arkham bounty

Arkham Intelligence announced that onchain security sleuth ZachXBT has identified the Lazarus Group, a North Korean hacker group, as being behind the $1.46 billion Bybit hack on Feb. 21. Arkham set up a bounty to identify the person or organization behind the attack with a reward of 50,000 ARKM (ARKM), worth roughly $31,500.

The Bybit exchange hack resulted in a loss of $1.46 billion in staked Ether (ETH) and other ERC-20 tokens. ZachXBT spotted the incident shortly after it occurred and made his submission to Arkham, “identifying the organization behind the attack using on-chain data.”

According to Blockaid, an onchain security platform, the $1.46 billion stolen represents the largest crypto exchange hack in history. Given the size and scope of the incident, it was no surprise that the news traveled quickly throughout the crypto community, eliciting reactions ranging from support from other crypto entities and calls to stop the FUD — fear, uncertainty and doubt — to security advice for users and gallows humor.

Related: Crypto hacks wipe out $2.3B in 2024, marking 40% YoY surge

Crypto entities post in support of Bybit

In response to the hack, various crypto entities and people expressed support for Bybit. The founder of the Tron blockchain, Justin Sun, said in an X post that the network was assisting in tracking the funds.

Crypto exchange OKX also deployed its security team to support Bybit’s investigation, according to its chief marketing officer, Haider Rafique.

The X account for crypto exchange KuCoin shared a message about the hack, saying it was standing in “full support of Bybit, its team, and CEO Ben Zhou as they work through this challenge.”

KuCoin noted that crypto “is a shared responsibility” and that “we firmly believe that collaboration across exchanges is essential in combating cybercrime and strengthening industry-wide security.”

Related: Crypto hacks, scam losses reach $29M in December, lowest in 2024

Calls to stop the FUD

As news spread of the hack, some users made calls to FUD surrounding the incident, showing community support for Bybit.

Coinbase executive Conor Grogan wrote on X: “Bybit appears to be processing withdrawals just fine after their hack. They have $20B+ in assets on platform and their cold wallets are untouched. Given the isolated nature of the signing hack and how well capitalized Bybit is, I don’t expect there to be contagion.” He continued:

“A minute into the FTX bankrun it was clear they had no funds to withdraw. I know everyone has PTSD but Bybit is not an FTX situation, if it was I would be screaming it out. They will be fine.”

Stani Kulechov, founder of Aave — which suffered its own large hack — weighed in as well:

Related: Crypto thieves score big on centralized services, private keys in 2024

Security advice for users

Some members of the crypto community posted security advice for users. “Quit,” vice president of blockchain at Yuga Labs, shared on X different security measures users could take to keep their funds safe, including using multisignature, using hardware wallets as signers and running tenderly simulations.

KuCoin also emphasized certain security measures for its users, including enabling two-factor authentication, setting strong, unique passwords, and using passkeys.

Related: Crypto exchange launches to address security and liquidity needs in trading