Bybit CEO Ben Zhou declares war on Lazarus

[ABCbits]

Instead of investing that $140 million in the security of their platform, they are now playing some kind of hero who is throwing money away to do exactly what? Besides, is anyone so naive as to really think that there is only one group of hackers in the world and that the rest of the world is super honest and doesn't deal with it?

Not only that, i have doubt Bybit willing to put resource to protect themselves against targeted hacking. I think they either forget or not aware that even Sony got hacked and had to cancel wide theatrical release of their political satire movie about North Korea[1].

[1] https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack

[NotATether]

Bybit at number 5 of the bounty hunters leaderboard 

I really hope Bybit can claw most of the money back. We need to start protecting ourselves from crypto thugs, including dismantling their operations if necessary.

[Lucius]

I honestly don't feel anything about their loss, because I'm not one of those who keeps coins on CEXs, and consequently I wonder why people still think it's safe? Maybe because that criminal CZ said that 99% of people will lose their coins if they keep them in non-custodial wallets? Some people should not be engaged in such business, the one who was hacked is only one of a series of geniuses who can allow themselves to keep billions in hot wallets.

My comment was directed towards one thought - if by any chance they had invested that money (more/less) in the security of their platform, maybe this hack would not have happened to them.

In handsight, that's obvious. But I'm sure they thought Safe's multisig was safe and it's not like they were using electrum for desktop on a public computer, they even had hardware wallets. I personally would be extra paranoid for a setup involving $1.4b, but oh well...

The rational now that the hack already happened is: retrieve whatever you can. Why are you guys so angry at them for doing this?

You and I may have the same opinion about how we would act if we had an obligation to protect something worth billions of dollars - and when we look back at all the hacks that CEXs have experienced, I see a lot of irresponsibility and amateurism. If all these CEOs invested more in security and less in accumulating profits in their personal accounts, things like this would happen very rarely.

I don't know if you're familiar with something called "the tenth man rule." (The Tenth Man Rule: How to Take Devil’s Advocacy to a New Level) but I think that rule should be applied in practice - even if everyone thinks it can't be better, one person will always disagree and look for a way to make better even better.

It's obvious that hackers never give up, and if you want to beat them you have to be at least two steps ahead of them - which means you need the best hackers on your side. This doesn't mean that anyone should hire hackers from NK, but there are a lot of smart people that CEXs should hire - for $140 million they can find a bunch of them.

However, not everything is as bad as it seems, because every hack like this only shows that non-custodial wallets and DEXs are a far better choice that everyone should consider.

[Synchronice]

Crypto exchange Bybit is offering up to $140 million to onchain sleuths who help track down the $1.4 billion the exchange lost in Friday’s hack.

Those who play an active role in the recovery of portions of the stolen funds stand to receive 10% as a reward.

I wonder, does the winner have to pay taxes in this case? I know it depends on the country but to those who live in the USA, do they have to pay taxes for it?

However this might end up being an inside job in which case he will have to go backfoot or just a publicity stunt because most of the hackers have not been caught yet. This group has been involved in many scams and hacks and they are doing it well with inside people is what I presume.

As they claim, Lazarus Group is a group of North Korean hackers. Would they really have someone inside Bybit? I don't know, that's strange.

Instead of investing that $140 million in the security of their platform, they are now playing some kind of hero who is throwing money away to do exactly what? Besides, is anyone so naive as to really think that there is only one group of hackers in the world and that the rest of the world is super honest and doesn't deal with it?

Exactly, them being involved in so many things is very strange. I can't understand how North Korean group is so successful. The highest percentage of population doesn't have computer, smartphone and access to the internet, yet, they have one of the best hackers. That doesn't make sense to my mind.

[Lucius]

~snip~
Exactly, them being involved in so many things is very strange. I can't understand how North Korean group is so successful. The highest percentage of population doesn't have computer, smartphone and access to the internet, yet, they have one of the best hackers. That doesn't make sense to my mind.

It doesn't make sense, but it obviously suits someone to make it the truth that everyone will believe. The biggest lie repeated countless times eventually becomes the truth. Still, the problem is not that it is realistic that there are hackers from the NK, because the country is under sanctions and has to manage as best it can - but one wonders what about hackers from Iran or Russia, are all hackers there as honest as those from the US or EU?

Something stinks in that story, that's probably more than obvious.

[tabas]

Instead of investing that $140 million in the security of their platform, they are now playing some kind of hero who is throwing money away to do exactly what? Besides, is anyone so naive as to really think that there is only one group of hackers in the world and that the rest of the world is super honest and doesn't deal with it?

This is what most companies do. They only take action and are said to be "investing" it into bounty once the hack has happened. They're making themselves a hero, but the damage has been done already, and they want the community to be part of it and just freeze the funds so that the Lazarus group won't use it. They don't want to invest into security before something happens because they feel safer but then, regrets do come always at the end.

[bbc.reporter]

Instead of investing that $140 million in the security of their platform, they are now playing some kind of hero who is throwing money away to do exactly what?

Well, the money is already gone. They have the choice to keep it all lost or give people a chance to help them out for a 10% bounty. Someone helps them freeze $50m, they get 50m-10% = $45 million back on their wallets, quite a "bit" of money. Worth it and an obvious play. You rather they lose 100%?
~snip~

I honestly don't feel anything about their loss, because I'm not one of those who keeps coins on CEXs, and consequently I wonder why people still think it's safe? Maybe because that criminal CZ said that 99% of people will lose their coins if they keep them in non-custodial wallets? Some people should not be engaged in such business, the one who was hacked is only one of a series of geniuses who can allow themselves to keep billions in hot wallets.

My comment was directed towards one thought - if by any chance they had invested that money (more/less) in the security of their platform, maybe this hack would not have happened to them.

Agreed. I would only feel something for their loss if the small minnow traders cannot withdraw their coins if the exchange has become insolvent. This feeling of sadness will be double if these small minnows are from this forum.

However, the exchange has not frozen their customers' coins despite being one of the biggest hacks in the cryptospace. This is very good news and I am very happy. It is headshaking that there are people who want to witness a worse occurrence where people lose money and the exchange is bankrupt.

[Lucius]

~snip~
However, the exchange has not frozen their customers' coins despite being one of the biggest hacks in the cryptospace. This is very good news and I am very happy. It is headshaking that there are people who want to witness a worse occurrence where people lose money and the exchange is bankrupt.

When it comes to fiat value, it may be the biggest hack ever, but Mt.Gox is by far the biggest hack ever if we look at the amount of BTC that was hacked. In addition, given that it is an altcoin that has already reversed transactions in similar cases and whatnot - did VB come forward to help or is that no longer possible now that the project has moved to PoS?

Be that as it may, those who learned something from this lesson have already profited, others who believe various CEOs who tell them that custodial is better than non-custodial have already lost, even if they are not aware of it yet.

[bbc.reporter]

~snip~
However, the exchange has not frozen their customers' coins despite being one of the biggest hacks in the cryptospace. This is very good news and I am very happy. It is headshaking that there are people who want to witness a worse occurrence where people lose money and the exchange is bankrupt.

When it comes to fiat value, it may be the biggest hack ever, but Mt.Gox is by far the biggest hack ever if we look at the amount of BTC that was hacked. In addition, given that it is an altcoin that has already reversed transactions in similar cases and whatnot - did VB come forward to help or is that no longer possible now that the project has moved to PoS?

Be that as it may, those who learned something from this lesson have already profited, others who believe various CEOs who tell them that custodial is better than non-custodial have already lost, even if they are not aware of it yet.

No one is arguing that custodial is better. I am only telling you that despite this being one of the largest hacks in the history of the cryptospace, this did not cause a big dump. This would have been a different type of occurrence if this occurred during 2017. The exchange might have frozen the accounts of their customers and it might be possible that it might cause insolvency and bankruptcy.

Also, it would be headshaking and very stupid to argue and imply that Vitalik will help by rolling back the transactions. Billions of assets have already exchanged hands that were not involved in the hack. The proposal for this and making it appear as a real argument are for people who want to spread fud.

[EarnOnVictor]

~snip~
However, the exchange has not frozen their customers' coins despite being one of the biggest hacks in the cryptospace. This is very good news and I am very happy. It is headshaking that there are people who want to witness a worse occurrence where people lose money and the exchange is bankrupt.

When it comes to fiat value, it may be the biggest hack ever, but Mt.Gox is by far the biggest hack ever if we look at the amount of BTC that was hacked. In addition, given that it is an altcoin that has already reversed transactions in similar cases and whatnot - did VB come forward to help or is that no longer possible now that the project has moved to PoS?

Be that as it may, those who learned something from this lesson have already profited, others who believe various CEOs who tell them that custodial is better than non-custodial have already lost, even if they are not aware of it yet.

No one is arguing that custodial is better. I am only telling you that despite this being one of the largest hacks in the history of the cryptospace, this did not cause a big dump. This would have been a different type of occurrence if this occurred during 2017. The exchange might have frozen the accounts of their customers and it might be possible that it might cause insolvency and bankruptcy.

Well understood, but still, nothing can be compared to the self-custody arrangement, we will all be at the mercy of the centralised system at that time of panic. Bybit only did that to allay worries and the exchange also backed it with a regular media douse, just to prove they are capable.

However, it's not about not being in 2017 anymore, the factor to look at is the bigness of the exchange, the decision of the management and its preparedness for unforeseen circumstances like that. Bybit is big and well-prepared, had it been it was a less-liquid exchange and that didn't prepare, it would have been a different story.

[Lucius]

No one is arguing that custodial is better. I am only telling you that despite this being one of the largest hacks in the history of the cryptospace, this did not cause a big dump. This would have been a different type of occurrence if this occurred during 2017. The exchange might have frozen the accounts of their customers and it might be possible that it might cause insolvency and bankruptcy.

Maybe because $1.4 billion of something other than BTC was hacked? This altcoin is actually already overvalued today, and those who hope that it will one day replace BTC or reach some crazy ATH are living in some kind of fantasy world of their own. From the ATH three years ago to today, this altcoin has lost almost 60% of its value - so even a $5 billion hack would not mean much to the crypto market.

Also, it would be headshaking and very stupid to argue and imply that Vitalik will help by rolling back the transactions. Billions of assets have already exchanged hands that were not involved in the hack. The proposal for this and making it appear as a real argument are for people who want to spread fud.

I'm not spreading any FUD, I'm just asking if something like that would be possible - if my memory serves me right, such things have happened in the past.

[examplens]

No one is arguing that custodial is better. I am only telling you that despite this being one of the largest hacks in the history of the cryptospace, this did not cause a big dump. This would have been a different type of occurrence if this occurred during 2017. The exchange might have frozen the accounts of their customers and it might be possible that it might cause insolvency and bankruptcy.

Maybe because $1.4 billion of something other than BTC was hacked?

Even if it was BTC, there is no reason for it to cause an 18% dump. Cash out is always a bigger problem than the fact that a certain amount of BTC has changed owners/wallets. If I remember correctly, last year, the German government (somewhat later, also the FBI/US government) liquidated much larger amounts (which they collected by confiscation from illegal businesses), so this did not cause a serious drop.

[crwth]

It's a race against time because the more time the hackers have handling it, the harder it will be to track. I do think that in some way, they could recover a little bit of it. Why not? The most important thing, in my opinion, about this event is that they need to invest in a better system that would prevent a repeat of this hacking. It's one of the ways to avoid stuff like that. I do believe it's good to have that bounty, but there are better ways. No matter how small, getting it back would also be a priority, but not as much as the exchange's security.

[bbc.reporter]

No one is arguing that custodial is better. I am only telling you that despite this being one of the largest hacks in the history of the cryptospace, this did not cause a big dump. This would have been a different type of occurrence if this occurred during 2017. The exchange might have frozen the accounts of their customers and it might be possible that it might cause insolvency and bankruptcy.

Maybe because $1.4 billion of something other than BTC was hacked? This altcoin is actually already overvalued today, and those who hope that it will one day replace BTC or reach some crazy ATH are living in some kind of fantasy world of their own. From the ATH three years ago to today, this altcoin has lost almost 60% of its value - so even a $5 billion hack would not mean much to the crypto market.

Also, it would be headshaking and very stupid to argue and imply that Vitalik will help by rolling back the transactions. Billions of assets have already exchanged hands that were not involved in the hack. The proposal for this and making it appear as a real argument are for people who want to spread fud.

I'm not spreading any FUD, I'm just asking if something like that would be possible - if my memory serves me right, such things have happened in the past.

No, the hack does not have to be in bitcoin to cause a big dump if this has occurred on 2017 or 2021. Also, Lazarus has exchanged ether to bitcoin through Thorchain already because bitcoin has higher liquidity than ether so they can dump this easier.

On the argument of overvaluation, the same argument can be used against bitcoin. Only very small amount of people use this cryptocoin for real commerce, much of the usage is in speculation.

On what you are implying that presently Vitalik can tell the validators to rollback the chain today as a possibility because it happened before, this is very much very stupid and fud. No one would listen to this proposal. It would be something similar to declaring that rolling back bitcoin blockchain is possible because this also occurred on bitcoin during 2010 inflation bug hehehehe.

Also, it was not Bybit that has hacked. It was Gnosis Safe service that exchanges use for multisignature wallets that was hacked.

[bbc.reporter]

This is a very long article about the Lazarus Group and how they have formed other groups from the original. This very much describes what tactics the other groups are using and their different missions to achieve their real mission to steal more bitcoin and other cryptocoins.

Everyone should read this after the shocking hack on Bybit. This was written by @samczsun, a partner in the venture capital firm Paradigm. The best venture capital in the cryptospace, I reckon.



Perhaps the biggest misconception to address is simply how to classify and name the vast range of DPRK cyberactivity. While using the term “Lazarus Group” colloquially is acceptable, it helps to be more rigorous when discussing the DPRK in detail.

To start, it helps to have an understanding of the North Korean “org chart”. At the top is the ruling (and only) party of North Korea, the Workers’ Party of Korea (WPK), under which all North Korean government institutions operate. These include the Korean People’s Army (KPA) as well as the Central Committee. Within the KPA is the General Staff Department (GSD), home to the Reconnaissance General Bureau (RGB). Under the Central Committee is the Munitions Industry Department (MID).

The RGB is responsible for almost all North Korean cyber warfare, including nearly all North Korean activity observed in the cryptocurrency industry. In addition to the infamous Lazarus Group, other threat actors that have emerged from the RGB include AppleJeus, APT38, DangerousPassword, and TraderTraitor. On the other hand, the MID is responsible for North Korea’s nuclear missiles program, and is the primary source of North Korean IT workers, tracked within the intelligence community as Contagious Interview and Wagemole.

Read in full https://www.paradigm.xyz/2025/03/demystifying-the-north-korean-threat