Profile picture of Pix🔎

Pix🔎

@PixOnChain

Published: February 21, 2025
830
3.1k
19.1k

This is Lazarus They just stole $1.46 billion from Bybit And they didn’t break the code — they broke the people Here’s untold story of how they did it (and why no one is truly safe) 👇

Image in tweet by Pix🔎

Lazarus is a state-backed North Korean hacking group They’ve stolen billions from banks, crypto exchanges, and DeFi protocols And now, they’ve pulled off the biggest crypto heist in history But how? Well...

Image in tweet by Pix🔎

There was no code exploit. No leaked private keys. Bybit’s own multisig signers approved the transactions. They thought they were signing a routine transfer. Instead, they were handing over their entire cold wallet...

But that raises a terrifying question. How did Lazarus know exactly who to target? A multisig wallet requires multiple signers. If even one refused to sign, the hack would fail. But they all signed. That means Lazarus didn’t just hack Bybit… They knew who to manipulate

There are only a few ways to get that kind of information. • Inside job – Someone leaked the signer list. • Social engineering – Lazarus studied their emails & behavior. • Device compromise – One or more signers were infected with malware. This means other exchanges are at risk too...

Image in tweet by Pix🔎

Today Lazarus stole 0.42% of all Ethereum It means they own More than the Ethereum Foundation. More than Vitalik Buterin. And more than Fidelity. But laundering that much ETH without detection isn’t easy...

Image in tweet by Pix🔎

In previous attacks, Lazarus has used: • Bridging to other blockchains • On-chain mixing services • OTC trading via illicit brokers Would they try the same tactics again?

Investigators quickly flagged the 53 wallets holding the stolen ETH. Any attempt to cash out or swap funds would immediately raise red flags. But Lazarus are in no hurry...

Image in tweet by Pix🔎

In 2022, Chainalysis found Lazarus still held $55M from hacks six years earlier. They don’t cash out fast. They wait. And no one has ever gotten their money back. Not once. Lazarus doesn’t negotiate. They don’t return funds. So what happens to users?

Image in tweet by Pix🔎

Bybit’s CEO, Ben Zhou, addressed the crisis publicly: • “Client funds are 1:1 backed.” • “We have enough liquidity to cover withdrawals.” • “All other wallets remain secure.” So far, no bank run...

But this isn’t the first time this happened And it won’t be the last. So how do you stay safe? Follow these simple steps:

Image in tweet by Pix🔎

I hope you've found this thread helpful. Follow me @PixOnChain for more. Like/Retweet the first tweet below to spread awareness:

Share this thread

Read on Twitter

View original thread

Navigate thread

1/12