{"id":10655,"date":"2025-02-23T16:16:18","date_gmt":"2025-02-23T16:16:18","guid":{"rendered":"https:\/\/finderica.com\/?p=10655"},"modified":"2025-02-23T16:16:18","modified_gmt":"2025-02-23T16:16:18","slug":"korean-hackers-steal-1-5-billion-from-cryptocurrency-exchange","status":"publish","type":"post","link":"https:\/\/finderica.com\/?p=10655","title":{"rendered":"Korean Hackers Steal $1.5 Billion From Cryptocurrency Exchange"},"content":{"rendered":"\n<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\"><figcaption><fbs-accordion classname=\"expandable\" current=\"-1\"><\/p>\n<p class=\"color-body light-text\" role=\"button\">POLAND &#8211; 2023\/11\/14: In this photo illustration, a Bybit logo is displayed on a smartphone with<span class=\"expanded-caption\"> stock market percentages in the background. (Photo Illustration by Omar Marques\/SOPA Images\/LightRocket via Getty Images)<\/span><\/p>\n<p><\/fbs-accordion><small>SOPA Images\/LightRocket via Getty Images<\/small><\/figcaption><\/figure>\n<p>Bybit, a major cryptocurrency exchange based in Dubai, recently <a class=\"color-link\" href=\"https:\/\/www.nytimes.com\/2025\/02\/22\/technology\/crypto-exchange-bybit-hack.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.nytimes.com\/2025\/02\/22\/technology\/crypto-exchange-bybit-hack.html\" aria-label=\"announced\">announced<\/a> it had been hacked, losing $1.5 billion worth of the cryptocurrency Ethereum in the largest cryptocurrency theft of all time. 
Putting it into perspective, the <a class=\"color-link\" href=\"https:\/\/www.nytimes.com\/2025\/02\/22\/technology\/crypto-exchange-bybit-hack.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.nytimes.com\/2025\/02\/22\/technology\/crypto-exchange-bybit-hack.html\" aria-label=\"previous\">previous <\/a>largest cryptocurrency theft was of $611 million worth of cryptocurrencies from the PolyNetwork platform in 2023.<\/p>\n<p>The crypto research group <a class=\"color-link\" href=\"https:\/\/intel.arkm.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/intel.arkm.com\/\" aria-label=\"Arkham Intelligence\">Arkham Intelligence<\/a> is <a class=\"color-link\" href=\"https:\/\/x.com\/arkham\/status\/1893033424224411885\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/x.com\/arkham\/status\/1893033424224411885\" aria-label=\"attributing\">attributing<\/a> the theft to the North Korean hacking group known as the Lazarus Group. The Lazarus Group is an infamous cybercrime group tied to the North Korean government that has been conducting cybercrimes since 2009. Among their more notable attacks was the hack of Sony Pictures in 2014 in retaliation for the release of the movie \u201cThe Interview\u201d, which parodied North Korean leader Kim Jong Un. 
They also perpetrated a <a class=\"color-link\" href=\"https:\/\/usa.kaspersky.com\/about\/press-releases\/chasing-lazarus-a-hunt-for-the-infamous-hackers-to-prevent-large-bank-robberies\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/usa.kaspersky.com\/about\/press-releases\/chasing-lazarus-a-hunt-for-the-infamous-hackers-to-prevent-large-bank-robberies\" aria-label=\"cyberattack\">cyberattack<\/a> against the Bangladesh Bank in 2016, stealing $81 million, and in 2017 were responsible for the massive <a class=\"color-link\" href=\"https:\/\/home.treasury.gov\/news\/press-releases\/sm774\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/home.treasury.gov\/news\/press-releases\/sm774\" aria-label=\"WannaCry Ransowmare\">WannaCry Ransomware<\/a> attack, which affected 300,000 computers in 150 countries.<\/p>\n<p>The blockchain intelligence firm Chainalysis <a class=\"color-link\" href=\"https:\/\/thehackernews.com\/2024\/12\/lazarus-group-spotted-targeting-nuclear.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/thehackernews.com\/2024\/12\/lazarus-group-spotted-targeting-nuclear.html\" aria-label=\"estimated\">estimated <\/a>that the Lazarus Group stole $1.34 billion in 2024 in 47 cryptocurrency hacks.<\/p>\n<p><a class=\"color-link\" href=\"https:\/\/x.com\/benbybit\/status\/1892963530422505586\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/x.com\/benbybit\/status\/1892963530422505586\" aria-label=\"According\">According<\/a> to Bybit co-founder and CEO Ben Zhou, the attacker exploited a &#8220;masked&#8221; UI and URL, deceiving wallet signers into unknowingly approving a malicious transaction. This allowed them to alter the smart contract logic and gain control of the ETH cold wallet, draining its funds. 
By altering the smart contract logic, the Lazarus Group was able to get control over Bybit\u2019s Ethereum cold wallet. Cold wallets are used for security purposes to store cryptocurrencies offline, making them more secure than hot wallets, which are connected to the Internet and therefore more susceptible to being hacked. Once the hackers took control of the cold wallet, they were able to transfer the Ethereum stored there to their own accounts.<\/p>\n<p>As explained by Forbes Contributor Alice Liu, the stolen Ethereum was transferred to 53 wallets, which are being actively monitored by blockchain and smart contract auditing teams, making it difficult, but not impossible, for the Lazarus Group to move the stolen Ethereum in an effort to launder the funds effectively. Already there are <a class=\"color-link\" href=\"https:\/\/www.cryptopolitan.com\/lazarus-laundering-40000-ether-bybit\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.cryptopolitan.com\/lazarus-laundering-40000-ether-bybit\/\" aria-label=\"initial reports\">initial reports<\/a> that some of the funds have been moved to the cryptocurrency mixer eXch. Cryptocurrency mixers, such as eXch, break up the cryptocurrencies received into random, smaller amounts and then mix them with funds of other users of the mixer, thereby making it more difficult to trace the source of the funds. They may then convert the Ethereum into different cryptocurrencies to further hide their tracks, split the funds into even smaller units, send them to multiple wallets, and then convert those funds to fiat currency. 
This process will most likely be repeated using multiple mixers to provide more anonymity for the transfers.<\/p>\n<p>In 2024 there were a record <a class=\"color-link\" href=\"https:\/\/www.thecoinrepublic.com\/2024\/12\/21\/crypto-hack-report-2024-reasons-and-measures\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.thecoinrepublic.com\/2024\/12\/21\/crypto-hack-report-2024-reasons-and-measures\/\" aria-label=\"303 successful cryptocurrency platform hacks\">303 successful cryptocurrency platform hacks<\/a> with losses of $2.2 billion. Whether this evident lack of security as shown by the Bybit hacking and other cryptocurrency platform attacks will have an effect on the cryptocurrency markets remains to be seen, but the cryptocurrency industry definitely needs to step up its security.<\/p>\n<\/div>\n<p><a href=\"https:\/\/www.forbes.com\/sites\/steveweisman\/2025\/02\/22\/korean-hackers-steal-15-billion-from-cryptocurrency-exchange\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>POLAND &#8211; 2023\/11\/14: In this photo illustration, a Bybit logo is displayed on a smartphone with &#8230; [+] stock market percentages in the background. 
(Photo Illustration by Omar Marques\/SOPA Images\/LightRocket via Getty Images) SOPA Images\/LightRocket via Getty Images Bybit, a major cryptocurrency exchange based in Dubai recently announced it had been hacked, losing $1.5 billion<\/p>\n","protected":false},"author":1,"featured_media":10656,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[196],"tags":[237,3606,4169,4295,3277,3767],"class_list":{"0":"post-10655","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-finance-news","8":"tag-billion","9":"tag-cryptocurrency","10":"tag-exchange","11":"tag-hackers","12":"tag-korean","13":"tag-steal"},"_links":{"self":[{"href":"https:\/\/finderica.com\/index.php?rest_route=\/wp\/v2\/posts\/10655","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/finderica.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/finderica.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/finderica.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/finderica.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10655"}],"version-history":[{"count":0,"href":"https:\/\/finderica.com\/index.php?rest_route=\/wp\/v2\/posts\/10655\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/finderica.com\/index.php?rest_route=\/wp\/v2\/media\/10656"}],"wp:attachment":[{"href":"https:\/\/finderica.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/finderica.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/finderica.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated"
:true}]}}