Bybit Hacker’s Insane Pattern: 2-3 Moves Per Minute




February 25, 2025

  • Bybit Hacker laundered ETH in 2-3 transactions per minute, 45-minute cycles, raising questions about the operation’s sophistication.
  • Despite robust security, Bybit lost $1.4 billion in ETH to a sophisticated phishing attack, highlighting vulnerabilities in even top exchanges.  
  • CEO secured emergency funds, withdrawals remain open, and investigations point to Lazarus Group, as Bybit reaffirms user fund safety.  

The Bybit hacker is aggressively laundering stolen Ethereum with precision. Arkham data showed that the perpetrator executed two to three transactions per minute, pausing for a calculated 15-minute break after every 45 minutes. This methodical approach to moving ETH, shifting from one address to the next, raises questions about the operation’s sophistication.
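For analysts who want to check an address cluster for this kind of duty cycle, the following is an added example (not from Arkham or from the original article) that splits transfer timestamps into bursts and tests them against the reported 45-minute / 15-minute rhythm. The timestamps are constructed, and the gap threshold and tolerance bands are assumptions chosen for illustration.

```python
PAUSE_GAP = 600  # assumed: a gap of 10+ minutes between transfers ends a burst

def split_bursts(timestamps, pause_gap=PAUSE_GAP):
    """Group UNIX timestamps into bursts separated by gaps >= pause_gap seconds."""
    ts = sorted(timestamps)
    if not ts:
        return []
    bursts = [[ts[0]]]
    for prev, cur in zip(ts, ts[1:]):
        if cur - prev >= pause_gap:
            bursts.append([cur])
        else:
            bursts[-1].append(cur)
    return bursts

def cadence_report(timestamps, pause_gap=PAUSE_GAP):
    """Per burst: tx count, active minutes, tx/min, and the pause that follows."""
    bursts = split_bursts(timestamps, pause_gap)
    rows = []
    for i, b in enumerate(bursts):
        active_min = (b[-1] - b[0]) / 60
        rate = (len(b) - 1) / active_min if active_min else 0.0
        nxt = bursts[i + 1][0] if i + 1 < len(bursts) else None
        pause_min = (nxt - b[-1]) / 60 if nxt is not None else None
        rows.append({"tx": len(b), "active_min": active_min,
                     "tx_per_min": rate, "pause_min": pause_min})
    return rows

def matches_reported_cadence(rows, min_cycles=2):
    """True if every complete cycle fits ~45 min at 2-3 tx/min plus a ~15 min pause."""
    complete = [r for r in rows if r["pause_min"] is not None]
    fits = [r for r in complete
            if 2.0 <= r["tx_per_min"] <= 3.0      # assumed tolerance bands
            and 40 <= r["active_min"] <= 50
            and 10 <= r["pause_min"] <= 20]
    return len(complete) >= min_cycles and len(fits) == len(complete)

def constructed_sample(cycles=3, step=24, t0=1_740_000_000):
    """Constructed timestamps: one transfer every `step` s for 45 min, hourly."""
    return [t for c in range(cycles)
            for t in range(t0 + c * 3600, t0 + c * 3600 + 45 * 60, step)]

if __name__ == "__main__":
    report = cadence_report(constructed_sample())
    for row in report:
        print(row)
    print("matches reported cadence:", matches_reported_cadence(report))
```

A steady stream with no pauses collapses into a single burst and does not match, which is what separates this rhythm from ordinary high-volume activity.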

Bybit, a leading cryptocurrency exchange, suffered a loss of 401,347 ETH, worth $1.4 billion, from its supposedly impregnable vault. Despite its strong security infrastructure, including $16.2 billion in reserves, military-grade encryption, and multi-signature cold wallets, the crypto exchange fell victim to a meticulously planned attack.  


CEO Ben Zhou has, meanwhile, secured an emergency loan to cover a substantial portion of the losses and reassure users of fund safety. At press time, Bybit maintains open withdrawals despite a $1.5 billion outflow.

Investigations point towards Park Jin, a notorious hacker linked to North Korea’s Lazarus Group. Trained at Kim Chaek University of Technology, Jin is suspected of leading high-profile heists, including the Axie Infinity Ronin Bridge attack and the Bangladesh Central Bank heist.  

Bybit Hack Traced to Clever Phishing Scheme

Onchain sleuths, including ZachXBT, reveal that the hackers didn’t use brute force. Instead, they employed a sophisticated phishing attack, creating a deceptive replica of the exchange’s signing interface. Bybit’s security team, believing the transaction to be legitimate, inadvertently authorized the transfer, granting the hackers control over the cold wallet.

The stolen funds were swiftly sent across 53 wallets, funneled through mixing services, and laundered via obscure exchanges to avoid leaving a trail. Despite mounting evidence, North Korea denies any involvement.

Bybit’s commitment to user safety remains paramount, with Zhou reiterating that client funds are fully backed and that sufficient liquidity exists for withdrawals.

Client funds are 1:1 backed. There is enough liquidity to cover withdrawals. And all other wallets remain secure. So far, no bank run.

As the investigation continues, the crypto community grapples with the implications of this breach, underscoring the persistent threat of cybercrime in the digital age.
