
North Korea’s Lazarus Group stole $1.46 billion during its attack on Bybit. Research firm Chainalysis examined how attackers entered Bybit and explained the advanced ways they moved stolen money through different services.
On February 21, Bybit was hit by what the Blockaid platform labeled the largest cryptocurrency exchange theft ever recorded. The outflow of 401,000 ETH and other digital assets led blockchain investigator ZachXBT to connect the breach with the Lazarus Group.
How Cybercriminals Stole and Laundered $1.4B in Crypto
The Chainalysis February 24 report showed how the hackers designed their attack through social engineering and intricate money laundering schemes. The report shows North Korea-linked criminals used identical methods in attacks they had run before.
Chainalysis showed that the attack began with phishing attempts directed at Bybit’s cold wallet signers. The attackers broke into the exchange system and replaced its multisignature wallet implementation contract with a tainted version.
The attackers compromised the Ethereum cold wallet while Bybit was transferring money to its hot wallet, and redirected the funds to their own wallet addresses. They moved the funds out of Bybit’s control before the exchange’s systems detected any irregular activity. Chainalysis said:
“The stolen assets were then moved through a complex web of intermediary addresses. This dispersion is a common tactic used to obfuscate the trail and hinder tracking efforts by blockchain analysts.”
The report showed that the thieves exchanged some ETH into Bitcoin and Dai before moving the money. They used decentralized exchanges, cross-chain bridges and instant swap tools that do not require KYC checks, so they could transfer funds quickly and safely across different networks.
Chainalysis and Partners Freeze $40 Million in Stolen Assets
Although the hackers quickly moved the funds out, most of the stolen cryptocurrency remains parked across many wallet addresses. According to Chainalysis, these criminals from North Korea follow a particular method that slows down the laundering process. According to Lockheed Martin experts, North Korean cybercriminals choose to delay their money laundering plans to escape the attention that follows major security breaches.
Because blockchains are transparent, security companies can identify and track illicit transfers even while laundering operations are ongoing. Through joint efforts with partner companies, Chainalysis has frozen $40 million of stolen funds and leads the recovery of stolen assets together with public-private entities.
The attack shows that hackers who specialize in cryptocurrency theft represent a new danger to this sector. Chainalysis argues that companies need to strengthen their cybersecurity defenses before attackers strike. The company emphasized that exchanges should be transparent about how they protect user funds, making their security practices available to both regulators and customers.
The report urged private sector businesses to work with public sector stakeholders in developing cybersecurity defense plans. Countering cybercriminals demands shared efforts across industries to stop digital crimes effectively and recover stolen money faster.
The Ethereum wallet theft is a reminder that cryptocurrency exchanges need security improvements before more damage occurs. The Bybit attack shows that digital asset platforms have security weaknesses and must stay alert to new cyber risks.