Bybit has launched a bounty program aimed at recovering $1.5 billion in cryptocurrency stolen by the Lazarus Group, a notorious cybercrime organization linked to North Korea. This initiative was announced by the exchange’s CEO, Ben Zhou, shortly after the theft, which is recognized as one of the largest in cryptocurrency history.
Bounty Program Details
The bounty program, accessible at lazarusbounty.com, has already distributed over $4 million in rewards to individuals who have assisted in tracking the stolen assets. Zhou emphasized the exchange’s commitment to eradicating the Lazarus Group and other malicious entities within the industry. He also suggested that the bounty program might expand to support other victims of the group.
- Participants can earn a 5% reward for identifying and reporting blockchain transactions related to the theft.
- An additional 5% is allocated to the exchange or mixer that aids in the recovery.
- Approximately $140 million is available for tracing the stolen Ethereum.
The Theft Incident
The theft occurred on February 21, when funds intended for transfer from an offline Ethereum cold wallet to an online hot wallet were redirected. A sophisticated attack manipulated the smart contract logic and obscured the signing interface, allowing the attacker to gain control of the cold wallet.
As a result, over 400,000 ETH and stETH, valued at more than $1.5 billion, were sent to an unknown address. Forensic analysis revealed that the heist involved altering the JavaScript code of SafeWallet, the platform used by Bybit for fund management. The attackers compromised an AWS S3 or CloudFront account linked to SafeWallet, which enabled the manipulation of the software.
Response and Future Plans
In response to the incident, Bybit has assured users that it remains liquid and that customer accounts are unaffected. The exchange has sufficient funds to cover transactions despite the significant loss. Zhou also announced plans for a new “HackBounty platform” to engage the broader cryptocurrency industry in combating cybercrime.
He expressed hope for collaboration, stating that together, a stronger defense system against cyber threats can be built. The Lazarus Group, known for state-sponsored hacking, has a history of targeting cryptocurrency exchanges and developers using sophisticated social engineering and zero-day exploits.
Security Measures and Industry Impact
The breach of Bybit highlights the vulnerabilities that can exist even in established platforms. SafeWallet has advised caution and is implementing measures to prevent future attacks, noting that the forensic review did not reveal any vulnerabilities in its smart contracts or source code.
As the cryptocurrency landscape evolves, this incident serves as a reminder of the ongoing risks associated with digital assets. Bybit’s proactive measures, including the bounty program and the establishment of a collaborative platform, reflect a growing awareness of the need for enhanced security within the industry.
The outcome of this initiative could significantly impact the future of cryptocurrency exchanges and their ability to protect user assets against increasingly sophisticated cyber threats.
📎 Related coverage from: theregister.com
