North Korean hackers reportedly behind $2.4 billion cryptocurrency heist

Major cryptocurrency exchange platform Bybit was hacked over the weekend to the tune of $1.5 billion in digital assets, in what's estimated to be the largest cryptocurrency heist in history.
Here's how the attack transpired and who might be responsible.
What happened?
The hack occurred when the Dubai-based crypto platform was making a routine transfer of Ethereum from an offline "cold" wallet to a "warm" wallet.
A hacker exploited security controls and was able to transfer the assets to an unknown address.
Here's the initial statement that was released by Bybit:
"The transaction was manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet."
In other words, the hackers manipulated the front-end interface to display a legitimate transaction while signing a different, malicious transaction behind the scenes.
The price of Ethereum dropped by nearly 4 per cent following news of the hack, but has since almost returned to previous levels.
How much money was stolen?
The company estimates almost $US1.5 billion ($2.4 billion) worth of tokens were stolen.
It's said to be the biggest theft ever experienced in the industry, according to blockchain analytics firm Elliptic.
It surpassed the $US611 million stolen from Poly Network in 2021.
Immediately after the hack, the company said it had reported the case to authorities and that it was working "quickly and extensively" to identify the attacker.
Who's responsible?
Neither Bybit nor the authorities have said, but security researchers Elliptic and Arkham Intelligence have reportedly linked the attack to North Korean hackers from the Lazarus Group.
Security sleuth ZachXBT also identified Lazarus as the group behind the heist.
Arkham Intelligence posted on X that ZachXBT submitted "definitive proof" that Lazarus Group was the perpetrator.
This included a detailed analysis of test transactions and connected wallets used ahead of the exploit, as well as forensic graphs and timing analyses.
Lazarus Group is no stranger to high-profile exploits — it's a state-sponsored hacking collective notorious for siphoning billions of dollars from the crypto industry.
Lazarus was also believed responsible for pilfering $US600 million from the Ronin Network in March 2022.
Despite the claims from the security analysts, Bybit is yet to confirm the perpetrators in a statement.
However, in a post on X, the company thanked ZachXBT for "always keeping the space sharp" and said his work on the hack "didn't go unnoticed".
What is Bybit?
Bybit is a cryptocurrency exchange platform.
It is the world's second-largest cryptocurrency exchange by trading volume. It holds over $31 billion in assets.
It has more than 60 million customers worldwide. Immediately after the hack, Bybit sought to reassure customers that their cryptocurrency holdings were safe.
But news of the hack led to a surge in withdrawal requests.
Bybit chief executive Ben Zhou said the company had received more than 350,000 requests from customers to withdraw their funds.
Will affected customers get their money back?
Mr Zhou said on social media that the company would refund those affected, even if the hacked currency was not returned.
"Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss," he posted on X.
He said the money would be covered by the firm or by a loan from partners.
