Bitcoin Forum

Where are the onchain analysis experts? I reckon there are many of them in this forum who are always scanning the wallets of the signature campaigners of this forum heheheheh. This might be your chance to retire! Bybit is offering $140 million for a bounty to help them recover some of the stolen cryptocoins.

I speculate that on this Ben Zhou, the Lazarus Group has made a mistake on stealing from him. Ben appears that he is similar to this character in Taken where the father will not stop until he will find his daughter hehehe.

https://imgvb.com/images/2025/02/26/7456098888e90a4b56a5c99d231f2aad.jpg
Ben Zhou from the movie Taken

Bybit pitches $140m bounty for those who help round up its stolen crypto

Crypto exchange Bybit is offering up to $140 million to onchain sleuths who help track down the $1.4 billion the exchange lost in Friday’s hack.

Those who play an active role in the recovery of portions of the stolen funds stand to receive 10% as a reward.

“We want to officially reward our community who lent us their expertise, experience and support,” Ben Zhou, co-founder and CEO of Bybit, said in a statement.

Read in full https://www.dlnews.com/articles/defi/bybit-hack-bounty-and-ethena-raise-rock-defi/

Let us see what would happen. But what that is important most is prevention. Prevention is always better than cure. The hack is one of the most simple hack an exchange can avoid but the exchange was fooled and sign a multisig transaction from cold wallet. Make sure you always know the address that you are sending to and make sure you avoid sending to a wrong address.

I guess the money is gone.

- https://www.lazarusbounty.com/

So far, we have only seen Mantle freeze $41,917,500 and a few others that have been reported.
There could be many more bounty reports from several sources and Ben is currently collecting them.

It will be interesting to see how far Bybit gets back the lost funds.

https://talkimg.com/images/2025/02/26/q5zNN.png

If Zhou can bring the hackers to justice, then more power to him, I take no prisoners when it comes to fraud and to me punishment is what is necessary for such scumbags.

However this might end up being an inside job in which case he will have to go backfoot or just a publicity stunt because most of the hackers have not been caught yet. This group has been involved in many scams and hacks and they are doing it well with inside people is what I presume.

Even the Wazirx hack could do nothing with their bounty campaigns. These groups obviously have political support.

Hahaha...you must be "making gest of someone" right now, if you don't have the wing, how do you intend to fly? That supposed strongness can't be beyond the forum, I suppose. ::)

Well, I hope Bybit gets its money back, but that hasn't happened in the history of Lazarus Group, especially when it's such that is allegedly backed by a military regime that has zero respect for the rule of law. Who knows, that offered amount ($140m) may motivate the greatest hackers in the world whose names are not even known. Let's see how it goes.

Instead of investing that $140 million in the security of their platform, they are now playing some kind of hero who is throwing money away to do exactly what? Besides, is anyone so naive as to really think that there is only one group of hackers in the world and that the rest of the world is super honest and doesn't deal with it?

If its true what they say and Lazarus is actually behind this, then chances of him bringing them to justice are slim to none. I mean, they are supposed to be protected/directed by North Korea government, meaning there is nothing they can do other than try to freeze some funds and retrive if possible.

As others have said, Bybit should focus on improving their security instead, as that's something that they can actually do.

It's always someone else to blame, now it's lazarus group again, tomorrow some different evil hackers.
Instead of blaming others and tracking coins, they should improve their security and stop using crap like ledger and safe wallet.
Latest audit from security firms was just released with interesting new findings:
https://decrypt.co/307866/how-bybit-hacked-1-4-billion-ethereum

If we are talking about hackers from NK, what would motivate them to return 90% of the amount and keep 10% if they are actually in a country subject to economic sanctions and no matter what they do, financial policies towards them will not change. whoever succeeded in withdrawing a billion dollars will certainly not plan to return them.

They do not invest $140 million in the fight against Lazarus, but it is 10% of the total hacked amount. So, from the found and blocked hacked coins, they will give 10% to whoever helped. So that's up to $140 million. At the same time, 5% goes to the one who reported the suspicious transaction and 5% to the exchange or who already blocked the funds.

From everything written, it seems to me that they have declared war on them - but what I wanted to say is that they should work on prevention, not wait for something like this to happen and then try to repair the damage by offering a bunch of money to whoever can save what can be saved.

Besides, who hacked them? First they said it wasn't the NK guys, now they say it was, tomorrow someone will reveal that someone else is the culprit...

Should we really support freezing funds on the Ether network? Because it does look like its going to upset the rest of the institutions backing ETH. Freezing means they could freeze someone else funds if they don't like that someone.

What bybit should do is make sure their security is tougher to hackers that could steal more than them. Until they couldn't say exactly who or provide an evidence they are hacked, I guess it will remain a publicity for Bybit.

The Lazarus group is somehow accused of every hack these days, lol, are they the only hackers out there. Hackers are everywhere, all around the world and not only in North Korea, i am sure other hackers would be smiling that fingers are always pointed at the Lazarus group everytime.

I don't think it is possible for bybit to recover all of the stolen funds, even if they offer more millions, they may be lucky to recover a few more of it, but everything is impossible. So they should shift some of the focus to their system and spend more money in preventing another hack in the future.

Yep, it seems kind of improbable that almost all hacks are carried out by the same group. And what if other hacking groups are using similar methods just to make investigators think it was done by Lazarus?

ZachBXT (or whatever his name is) be like this (anyone remembers that crazy ancient aliens guy that suspected aliens did everyhing?)
https://www.talkimg.com/images/2025/02/27/qgmTN.jpeg

After an investigation, the culprit was found, and of course, it was not Bybit. It's about Safe{Wallet}'s infrastructure.
It doesn't even matter that they didn't protect billions with their UI solution.

https://talkimg.com/images/2025/02/27/qgrH5.jpeg
https://x.com/benbybit/status/1894768736084885929

It's interesting that safe wallet is using cloud storage for their infrastructure, so I am not surprised with this happening at all.
Things are getting more heated with this case, latest news I heard is that fbi released official statement with warning about this, and they are asking everyone to block incoming transactions from TraderTraitor actors.
https://www.ic3.gov/PSA/2025/PSA250226

ZachXBT managed to get even more frozen, he's just not up to date on the list.

Well, the money is already gone. They have the choice to keep it all lost or give people a chance to help them out for a 10% bounty. Someone helps them freeze $50m, they get 50m-10% = $45 million back on their wallets, quite a "bit" of money. Worth it and an obvious play. You rather they lose 100%?

If they're signing a $1.4b transaction on a third party UI hosted on the internet, which can be MITM attacked, they're at definitely dumb and at the fault. Doesn't matter that Safe was the one social engineered. :P

Here how they track the attacker https://www.trmlabs.com/post/the-bybit-hack-following-north-koreas-largest-exploit

And Lazarus group is well known for this type of hacking and I don't know how Bybit and authorities will sue this group it seems they are well protected by government since they are bringing huge money from them thru these criminal activities they made.

A brief information about this group https://en.wikipedia.org/wiki/Lazarus_Group

Its really hard to get those funds not unless there are funds still hidden on some exchange since they can freeze its withdrawal.

I honestly don't feel anything about their loss, because I'm not one of those who keeps coins on CEXs, and consequently I wonder why people still think it's safe? Maybe because that criminal CZ said that 99% of people will lose their coins if they keep them in non-custodial wallets? Some people should not be engaged in such business, the one who was hacked is only one of a series of geniuses who can allow themselves to keep billions in hot wallets.

My comment was directed towards one thought - if by any chance they had invested that money (more/less) in the security of their platform, maybe this hack would not have happened to them.

In handsight, that's obvious. But I'm sure they thought Safe's multisig was safe and it's not like they were using electrum for desktop on a public computer, they even had hardware wallets. I personally would be extra paranoid for a setup involving $1.4b, but oh well... :D

The rational now that the hack already happened is: retrieve whatever you can. Why are you guys so angry at them for doing this? :P

Not only that, i have doubt Bybit willing to put resource to protect themselves against targeted hacking. I think they either forget or not aware that even Sony got hacked and had to cancel wide theatrical release of their political satire movie about North Korea[1].

[1] https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack (https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack)

Bybit at number 5 of the bounty hunters leaderboard  ;D

I really hope Bybit can claw most of the money back. We need to start protecting ourselves from crypto thugs, including dismantling their operations if necessary.

You and I may have the same opinion about how we would act if we had an obligation to protect something worth billions of dollars - and when we look back at all the hacks that CEXs have experienced, I see a lot of irresponsibility and amateurism. If all these CEOs invested more in security and less in accumulating profits in their personal accounts, things like this would happen very rarely.

I don't know if you're familiar with something called "the tenth man rule." (The Tenth Man Rule: How to Take Devil’s Advocacy to a New Level (https://themindcollection.com/the-tenth-man-rule-devils-advocacy/)) but I think that rule should be applied in practice - even if everyone thinks it can't be better, one person will always disagree and look for a way to make better even better.

It's obvious that hackers never give up, and if you want to beat them you have to be at least two steps ahead of them - which means you need the best hackers on your side. This doesn't mean that anyone should hire hackers from NK, but there are a lot of smart people that CEXs should hire - for $140 million they can find a bunch of them.

However, not everything is as bad as it seems, because every hack like this only shows that non-custodial wallets and DEXs are a far better choice that everyone should consider.

I wonder, does the winner have to pay taxes in this case? I know it depends on the country but to those who live in the USA, do they have to pay taxes for it?

As they claim, Lazarus Group is a group of North Korean hackers. Would they really have someone inside Bybit? I don't know, that's strange.

Exactly, them being involved in so many things is very strange. I can't understand how North Korean group is so successful. The highest percentage of population doesn't have computer, smartphone and access to the internet, yet, they have one of the best hackers. That doesn't make sense to my mind.

It doesn't make sense, but it obviously suits someone to make it the truth that everyone will believe. The biggest lie repeated countless times eventually becomes the truth. Still, the problem is not that it is realistic that there are hackers from the NK, because the country is under sanctions and has to manage as best it can - but one wonders what about hackers from Iran or Russia, are all hackers there as honest as those from the US or EU?

Something stinks in that story, that's probably more than obvious.

This is what most companies do. They only take action and are said to be "investing" it into bounty once the hack has happened. They're making themselves a hero, but the damage has been done already, and they want the community to be part of it and just freeze the funds so that the Lazarus group won't use it. They don't want to invest into security before something happens because they feel safer but then, regrets do come always at the end.

Agreed. I would only feel something for their loss if the small minnow traders cannot withdraw their coins if the exchange has become insolvent. This feeling of sadness will be double if these small minnows are from this forum.

However, the exchange has not frozen their customers' coins despite being one of the biggest hacks in the cryptospace. This is very good news and I am very happy. It is headshaking that there are people who want to witness a worse occurrence where people lose money and the exchange is bankrupt.

When it comes to fiat value, it may be the biggest hack ever, but Mt.Gox is by far the biggest hack ever if we look at the amount of BTC that was hacked. In addition, given that it is an altcoin that has already reversed transactions in similar cases and whatnot - did VB come forward to help or is that no longer possible now that the project has moved to PoS?

Be that as it may, those who learned something from this lesson have already profited, others who believe various CEOs who tell them that custodial is better than non-custodial have already lost, even if they are not aware of it yet.

No one is arguing that custodial is better. I am only telling you that despite this being one of the largest hacks in the history of the cryptospace, this did not cause a big dump. This would have been a different type of occurrence if this occurred during 2017. The exchange might have frozen the accounts of their customers and it might be possible that it might cause insolvency and bankruptcy.

Also, it would be headshaking and very stupid to argue and imply that Vitalik will help by rolling back the transactions. Billions of assets have already exchanged hands that were not involved in the hack. The proposal for this and making it appear as a real argument are for people who want to spread fud.

Well understood, but still, nothing can be compared to the self-custody arrangement, we will all be at the mercy of the centralised system at that time of panic. Bybit only did that to allay worries and the exchange also backed it with a regular media douse, just to prove they are capable.

However, it's not about not being in 2017 anymore, the factor to look at is the bigness of the exchange, the decision of the management and its preparedness for unforeseen circumstances like that. Bybit is big and well-prepared, had it been it was a less-liquid exchange and that didn't prepare, it would have been a different story.

Maybe because $1.4 billion of something other than BTC was hacked? This altcoin is actually already overvalued today, and those who hope that it will one day replace BTC or reach some crazy ATH are living in some kind of fantasy world of their own. From the ATH three years ago to today, this altcoin has lost almost 60% of its value - so even a $5 billion hack would not mean much to the crypto market.


I'm not spreading any FUD, I'm just asking if something like that would be possible - if my memory serves me right, such things have happened in the past.

Even if it was BTC, there is no reason for it to cause an 18% dump. Cash out is always a bigger problem than the fact that a certain amount of BTC has changed owners/wallets. If I remember correctly, last year, the German government (somewhat later, also the FBI/US government) liquidated much larger amounts (which they collected by confiscation from illegal businesses), so this did not cause a serious drop.

It's a race against time because the more time the hackers have handling it, the harder it will be to track. I do think that in some way, they could recover a little bit of it. Why not? The most important thing, in my opinion, about this event is that they need to invest in a better system that would prevent a repeat of this hacking. It's one of the ways to avoid stuff like that. I do believe it's good to have that bounty, but there are better ways. No matter how small, getting it back would also be a priority, but not as much as the exchange's security.

No, the hack does not have to be in bitcoin to cause a big dump if this has occurred on 2017 or 2021. Also, Lazarus has exchanged ether to bitcoin through Thorchain already because bitcoin has higher liquidity than ether so they can dump this easier.

On the argument of overvaluation, the same argument can be used against bitcoin. Only very small amount of people use this cryptocoin for real commerce, much of the usage is in speculation.

On what you are implying that presently Vitalik can tell the validators to rollback the chain today as a possibility because it happened before, this is very much very stupid and fud. No one would listen to this proposal. It would be something similar to declaring that rolling back bitcoin blockchain is possible because this also occurred on bitcoin during 2010 inflation bug hehehehe.

Also, it was not Bybit that has hacked. It was Gnosis Safe service that exchanges use for multisignature wallets that was hacked.

This is a very long article about the Lazarus Group and how they have formed other groups from the original. This very much describes what tactics the other groups are using and their different missions to achieve their real mission to steal more bitcoin and other cryptocoins.

Everyone should read this after the shocking hack on Bybit. This was written by @samczsun, a partner in the venture capital firm Paradigm. The best venture capital in the cryptospace, I reckon.



Perhaps the biggest misconception to address is simply how to classify and name the vast range of DPRK cyberactivity. While using the term “Lazarus Group” colloquially is acceptable, it helps to be more rigorous when discussing the DPRK in detail.

To start, it helps to have an understanding of the North Korean “org chart”. At the top is the ruling (and only) party of North Korea, the Workers’ Party of Korea (WPK), under which all North Korean government institutions operate. These include the Korean People’s Army (KPA) as well as the Central Committee. Within the KPA is the General Staff Department (GSD), home to the Reconnaissance General Bureau (RGB). Under the Central Committee is the Munitions Industry Department (MID).

The RGB is responsible for almost all North Korean cyber warfare, including nearly all North Korean activity observed in the cryptocurrency industry. In addition to the infamous Lazarus Group, other threat actors that have emerged from the RGB include AppleJeus, APT38, DangerousPassword, and TraderTraitor. On the other hand, the MID is responsible for North Korea’s nuclear missiles program, and is the primary source of North Korean IT workers, tracked within the intelligence community as Contagious Interview and Wagemole.

Read in full https://www.paradigm.xyz/2025/03/demystifying-the-north-korean-threat