Cryptocurrency exchange Bybit said hackers took control of an offline Ether wallet and stole nearly $1.5 billion (£1.2bn) in what analysts said was the largest-ever crypto theft.
The attack, disclosed late on Friday, sent cryptocurrencies and crypto exchanges trading sharply lower as it sparked a wave of panic selling and liquidity fears.
Bybit said it was “solvent” and that client funds were “safe”.
“Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss,” said Ben Zhou, chief executive of the Dubai-based company in a social media post.
Offline wallet
“All client funds are safe, and our operations continue as usual without any disruption,” Zhou said.
The company said it was investigating the incident along with forensic experts.
Zhou confirmed that the attackers had gained access to one of the exchange’s offline Ethereum wallets.
Arkham Intelligence, a blockchain intelligence platform, said North Korean state-backed Lazarus Group hacking gang was behind the theft.
Arkham said a user with the handle ZachXBT had submitted “definitive proof” linking Lazarus Group to the attack.
“His submission included a detailed analysis of test transactions and connected wallets used ahead of the exploit, as well as multiple forensics graphs and timing analyses,” Arkham said on social media.
A significant amount of the stolen crypto assets “have begun to move to new addresses where they are being sold”, Arkham said.
Blockchain analytics firms Blockaid and Elliptic said the hack was the largest-ever crypto theft, surpassing the $611m stolen from Poly Network in 2021.
The price of Ether fell more than 7 percent on Friday following the news, while Bitcoin reversed earlier gains to fall about 2 percent.
Market shock
Shares in Coinbase, a major crypto exchange, had risen after it said the US Securities and Exchange Commission would drop a lawsuit against it, but following the news it closed down more than 5 percent.
North Korea has been the most prolific backer of high-value crypto thefts in recent years.
State-backed Lazarus Group was linked to $1.34bn in crypto thefts last year, the highest annual figure up to that time and more than double the amount stolen the previous year.
North Korean attacks in 2024 accounted for more than half of the $2.2bn in crypto thefts that year.
The Bybit breach, however, beats the North Korean figure for all of last year.
Crypto thefts are one of the main ways that North Korea funds its weapons programme, along with a scheme in which it sends fully remote IT workers to be employed at companies in the US and elsewhere, posing as domestic residents and sending tens of millions in earnings back to the regime.
