Bybit Hacker Attack Tracking: Which Platform Refuses to Cooperate? Bybit has purchased a large amoun

The largest hacker attack in the history of encryption

The Bybit exchange was hacked, with a total value of 1.43 billion magnesium ETH, which was the most concerning issue in the industry over the weekend. According to statistics, this incident is the highest amount of stolen money in the history of cryptocurrency hacking, far surpassing the second ranked Ronnin cross chain bridge attack.

SlowMist Reveals Lazarus Group's Techniques

In response to this incident, Cosine, founder of well-known memory blockchain security company SlowMist, stated in a post that after in-depth forensic analysis and tracking investigation, it has been confirmed that the hacker attack on Bybit exchange came from the North Korean hacker group Lazarus Group, and called it a national level APT (Advanced Persistent Threat) attack.

According to the analysis of the SlowMist team, the attack method of Lazarus Group is not a single technology, but a combination of multiple methods, from social engineering to vulnerability exploitation, to internal network penetration and fund tran**er. Hackers first use phishing emails, disguised identities, and other means to gain the trust of the target personnel, and then implant malicious programs into the victim's system. This allows attackers to lurk inside the system for a long time, ultimately achieving an invasion of the exchange infrastructure. Once succes**ully invaded, attackers will use RCE technology to execute malicious code, further enhance system privileges, expand control over internal networks, and illegally tran**er a large amount of encrypted assets.

The SlowMist team emphasizes that this incident once again highlights the threat of national level hackers to the cryptocurrency industry, and calls on major exchanges and related institutions to enhance their security awareness and strengthen their internal security management mechani**s. In addition, continuous monitoring of abnormal network activity and suspicious fund tran**ers, as well as regular security checks and vulnerability fixes, are also important measures to prevent APT attacks.

Cooperation and Refusal to Cooperate

Since the incident, Bybit has been working hard to stop the bleeding and trying to make up for the losses through cooperation with peers. Bybit Last night, a tweet was released stating that through coordinated efforts from multiple parties, $42.89 million of stolen funds were succes**ully frozen in just one day. The institutions providing assistance include Tether, THORChain, ChangeNOW, FixeFloat, Avalanche Ecosystem, CoinEx, Bitget, Circle, etc.

However, some platforms have publicly stated their refusal to cooperate with Bybit in freezing hacker funds. For example, the cryptocurrency mixing platform eXch, which is actively being used by hackers (with over 29000 ETH being laundered through the platform), posted an email on the Bitcoin forum regarding Bybit's interception of hacker address requests. However, eXch explicitly refused because Bybit had previously marked eXch as a blacklisted address, resulting in many eXch customers being blocked on Bybit and ignoring eXch's communication requests. EXch wrote in his reply:

In this situation, we hope to receive a clear explanation as to why we should consider assisting an organization that has actively damaged our reputation

Sell while acquiring

According to on chain data, the hacker illegally obtained a total of over 500000 ETH (including pledged derivatives) in this attack. Chain analyst Yu Jin stated that as of now, Bybit Hackers have sold 50700 ETH ($142 million) through on chain trading platforms, cross chain bridges, and coin mixing platforms, exchanging them for DAI and other on chain assets (such as btc). Currently, they still hold 448600 ETH ($1.26 billion).

In addition, according to the data monitored by Lookonchain, Bybit After being hacked, approximately 446870 ETH (about 1.23 billion US dollars) have been obtained through loans, large deposits, and purchases.

Among them, Bybit associated addresses purchased approximately 266694 ETH through OTC, DEX, and CEX.