
@ Bitman
2025-02-22 17:11:57
**This is Lazarus.**
They’ve just stolen $1.46 billion from Bybit.
They didn’t breach the code—they breached the people.
Here’s the untold story of how they did it (and why no one is truly safe).
https://image.nostr.build/5120f62c63199bbc1402c1c33c11d337ab9c5623ce78d7351025fcbb9b14c27e.jpg
Lazarus is a state-sponsored hacking group from North Korea.
They've siphoned billions from banks, crypto exchanges, and DeFi protocols.
And now, they’ve executed the largest crypto heist in history.
But how? Well...
https://image.nostr.build/5ecefbb02468cea4ca1b89fdd51835921d15161fc992095d44005003c5f5ddc7.jpg
There was no code exploit.
No leaked private keys.
Bybit’s own multisig signers approved the transactions.
They thought they were signing a routine transfer.
Instead, they handed over access to their entire cold wallet...
https://video.nostr.build/0e92d71c6dba6d99532b4b126c5e42001a8c446d1e312539fa9a3fad8c52d851.mp4
This raises a terrifying question.
How did Lazarus know exactly who to target?
A multisig wallet requires multiple signers.
If even one refused to sign, the hack would have failed.
But they all signed.
This means Lazarus didn’t just hack Bybit...
They knew who to manipulate.
There are only a few ways to gather that kind of information:
- **Inside job** – Someone leaked the signer list.
- **Social engineering** – Lazarus studied their emails and behavior.
- **Device compromise** – One or more signers were infected with malware.
This puts other exchanges at risk too...
https://image.nostr.build/a80694326818292e24e26def7ffddbea45bc2f41384b3563c3217c1a1d53a353.jpg
Today, Lazarus stole 0.42% of all Ethereum.
This means they own more than:
- The Ethereum Foundation
- Vitalik Buterin
- Fidelity
But laundering that much ETH without detection isn’t easy...
https://image.nostr.build/331d83a66c362801b91d42b1aba1b658dc1b35d25a156255d312b483421d4449.jpg
In previous attacks, Lazarus has used:
- Bridging to other blockchains
- On-chain mixing services
- OTC trading through illicit brokers
Will they employ the same tactics again?
https://video.nostr.build/c25c686a1ce4d71ad7e0efebf02b1d6bcb05ac0f23438d11e4380ebe53aa6526.mp4
Investigators quickly flagged the 53 wallets holding the stolen ETH.
Any attempt to cash out or swap funds would immediately raise red flags.
But Lazarus is in no rush...
https://image.nostr.build/2ebfb985c7d7abe4e2715f505ed64c227b908bbbc85b20630fc7437f391a0bb4.jpg
In 2022, Chainalysis found Lazarus still held $55 million from hacks six years earlier.
They don’t cash out quickly; they wait.
And no one has ever gotten their money back. Not once.
Lazarus doesn’t negotiate. They don’t return funds.
So what happens to users?
https://image.nostr.build/3d4738f4d0db5a14c6dd71f32c54d56b061c6e8896134de579cc36867f7175bd.jpg
Bybit’s CEO, Ben Zhou, addressed the crisis publicly:
- “Client funds are 1:1 backed.”
- “We have enough liquidity to cover withdrawals.”
- “All other wallets remain secure.”
So far, there hasn’t been a bank run...
https://video.nostr.build/25616f50b774296945681a3455939f62af623f68081a651209fd89392f778d91.mp4
But this isn’t the first time this has happened.
And it won’t be the last.
So how can you stay safe? Follow these simple steps:
1. **Cold wallets stay cold** - If it touches the internet, it's not cold.
2. **Never sign blindly** - Always verify what you're signing, even if the UI looks legit.
3. **Spread your risk** - Never keep all your funds in one place.
4. **Secure your keys** - Use a hardware wallet. No exceptions.
5. **Assume you're a target** - Lazarus doesn’t hack systems; they hack people. Stay paranoid.
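
One way to apply step 2 ("Never sign blindly") is to decode the raw transaction yourself and compare it with what you intend to approve, instead of trusting the summary shown in the UI. The sketch below is an added example, not code from the original post or from Bybit. It assumes the intended action is a plain ERC-20 `transfer(address,uint256)` and that the raw `to`, `value` and `data` fields were obtained independently of the signing interface. All addresses and amounts are constructed sample values, and the function names are hypothetical.

```python
# Added example; all addresses and amounts below are constructed sample values.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

def decode_erc20_transfer(calldata_hex):
    """Return (recipient, amount); raise ValueError if not a plain transfer."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 4 + 32 + 32:
        raise ValueError(f"unexpected calldata length {len(data)}")
    if data[:4] != TRANSFER_SELECTOR:
        raise ValueError(f"selector 0x{data[:4].hex()} is not transfer")
    addr_word, amount_word = data[4:36], data[36:68]
    if any(addr_word[:12]):
        raise ValueError("non-zero padding in address word")
    return "0x" + addr_word[12:].hex(), int.from_bytes(amount_word, "big")

def check_against_intent(tx, intent):
    """List every way the raw transaction differs from the signer's intent."""
    problems = []
    if tx["to"].lower() != intent["token"].lower():
        problems.append("call target is not the expected token contract")
    if tx.get("value", 0) != 0:
        problems.append("unexpected native value attached")
    try:
        recipient, amount = decode_erc20_transfer(tx["data"])
    except ValueError as exc:
        return problems + [f"calldata: {exc}"]
    if recipient != intent["recipient"].lower():
        problems.append(f"recipient is {recipient}")
    if amount != intent["amount"]:
        problems.append(f"amount is {amount}")
    return problems

def _word(hex_value):  # left-pad to one 32-byte ABI word
    return hex_value.rjust(64, "0")

TOKEN, PAYEE, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
INTENT = {"token": TOKEN, "recipient": PAYEE, "amount": 1000}
ARGS = _word(PAYEE[2:]) + _word(format(1000, "x"))
GOOD_TX = {"to": TOKEN, "value": 0, "data": "0xa9059cbb" + ARGS}
WRONG_RECIPIENT_TX = dict(GOOD_TX, data="0xa9059cbb" + _word(OTHER[2:]) + _word("3e8"))
WRONG_CALL_TX = dict(GOOD_TX, data="0xdeadbeef" + ARGS)  # constructed selector

if __name__ == "__main__":
    for name in ("GOOD_TX", "WRONG_RECIPIENT_TX", "WRONG_CALL_TX"):
        print(name, check_against_intent(globals()[name], INTENT) or "matches intent")
```

An empty result means the raw payload matches the stated intent. Any entry in the list is a reason to stop and not sign.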