Blockchain analytics firm Chainalysis has provided a detailed breakdown of how hackers pulled off the largest exchange hack in history, stealing $1.46 billion from cryptocurrency platform Bybit. The investigation also revealed how North Korea’s notorious Lazarus Group laundered the stolen assets using sophisticated tactics.
Phishing, Smart Contract Exploits, and Fund Diversion, Chainalysis Reveals
The attack on Bybit, which took place on Feb. 21, began with a phishing campaign targeting cold wallet signers, according to Chainalysis’ report published on Feb. 24. Once the attackers gained access to Bybit’s user interface, they replaced the exchange’s multisignature wallet contract with a malicious version, enabling unauthorized fund transfers.
The hackers were able to redirect a routine transfer from Bybit’s Ethereum cold wallet to its hot wallet and siphon off 401,000 ETH, worth around $1.46 billion, to wallets they controlled. The stolen funds were then sent to multiple intermediary wallets, a technique cybercriminals use to hide their tracks.
Chainalysis claims that some of the stolen Ether was converted into Bitcoin, Dai, and other currencies via DEXs, using cross-chain bridges without KYC and instant swapping services. These techniques allowed the hackers to move the funds across multiple blockchain networks, making tracing and recovery progressively more difficult.
Crypto Community Freezes Stolen Funds Amid Laundering Attempts
Although the attackers attempted to launder the stolen assets, Chainalysis pointed out that the transparency of blockchain records, a “setback” for the attackers, continues to serve as an advantage for investigators. The firm has already worked with other parties in the industry to freeze more than $40 million worth of stolen assets.
According to Chainalysis, a portion of the hacked assets remains both severely understudied and underreported. It is a well-known practice for Lazarus Group to leave hacked assets untouched for lengthy periods, allowing larger amounts to accumulate over time. “By postponing laundering actions, they want to outlast the great increase in attention that follows these sorts of breaches,” the report states.
It also emphasized the need for more robust regulatory and legal frameworks for the crypto sphere, with proactive measures aimed at addressing potential risks and investing in the protection of users’ funds. The company noted that cooperation between the private and public sectors is imperative to deal effectively with cyber threats and reduce the impact of future breaches.
While the Bybit hack showcases the continuing existence of weaknesses in the crypto world, the immediate action taken by blockchain analysis companies and other stakeholders gives reason to believe that much more of the stolen assets can still be retrieved.