Bybit Compromised by Lazarus Group Exploiting Secure{Pockets} Flaw
An inquiry has established that the Lazarus Group was responsible for the cyberattack on the cryptocurrency exchange Bybit, taking advantage of a flaw in Secure{Pockets}. The FBI has joined the investigation.
Bybit’s CEO Ben Zhou provided official reports regarding the incident, which took place on February 21, 2025. Cybersecurity experts from Sygnia and Verichains disclosed that the attackers infiltrated the Secure{Pockets} infrastructure by inserting harmful JavaScript code into the wallet’s AWS S3 storage. This code remained inactive until it detected Bybit’s contract agreement, at which point it modified transaction details in real-time, altering recipients and the logic of signed transactions.
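The check below is an added example, not code from Bybit, Secure{Pockets} or the investigators: it decodes the payload a web UI hands to the signing device and compares it, field by field, with what the signer intended, which is the kind of independent comparison that exposes a changed recipient or changed call logic. The field names (`to`, `value`, `data`), the choice of an ERC-20 `transfer` call as the decoded shape, and all sample values are assumptions made for this example.

```javascript
// Selector of ERC-20 transfer(address,uint256); the one call shape this
// example knows how to decode.
const ERC20_TRANSFER = "a9059cbb";

// Decode the fields a signer cares about from a raw transaction payload.
// Field names (to, value, data) are assumptions for this example.
function decode(tx) {
  const data = String(tx.data || "0x").toLowerCase().replace(/^0x/, "");
  const out = {
    contract: String(tx.to).toLowerCase(),
    value: BigInt(tx.value).toString(),
    selector: data.slice(0, 8),
    recipient: null,
    amount: null,
  };
  // For a token transfer the real recipient sits inside the calldata,
  // not in the top-level "to" field, so it has to be decoded to be checked.
  if (out.selector === ERC20_TRANSFER && data.length === 8 + 128) {
    out.recipient = "0x" + data.slice(8 + 24, 8 + 64);
    out.amount = BigInt("0x" + data.slice(8 + 64)).toString();
  }
  return out;
}

// Compare the intended transaction with the one presented for signing and
// return the names of the decoded fields that differ (empty array = match).
function changedFields(intended, presented) {
  const a = decode(intended);
  const b = decode(presented);
  return Object.keys(a).filter((k) => a[k] !== b[k]);
}

// Constructed sample data, not taken from the incident.
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const transfer = (rcpt, amt) => "0x" + ERC20_TRANSFER + pad(rcpt) + pad(amt.toString(16));
const token = "0x" + "11".repeat(20);
const intended = { to: token, value: 0, data: transfer("0x" + "aa".repeat(20), 500n) };
// Same transaction, different hex case and value type: must not raise an alarm.
const reencoded = { to: token.toUpperCase(), value: "0", data: intended.data.toUpperCase() };
// Recipient swapped inside the calldata while the top-level "to" is unchanged.
const redirected = { to: token, value: 0, data: transfer("0x" + "bb".repeat(20), 500n) };
// Different target contract and different function selector.
const swappedLogic = { to: "0x" + "cc".repeat(20), value: 0, data: "0xdeadbeef" };

console.log(changedFields(intended, reencoded));
console.log(changedFields(intended, redirected));
console.log(changedFields(intended, swappedLogic));
```

The comparison only helps if it runs somewhere the served web code cannot reach, such as a separate machine or the signing device itself.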
Law enforcement agencies, including the FBI and Interpol, along with blockchain analytics firms, are now involved in the investigation. The FBI confirmed that the attack was carried out by TraderTraitor, a hacking group associated with the Lazarus Group and North Korean authorities.
Representatives from Secure{Pockets} stated that their smart contracts were not compromised. They indicated that the hackers gained access to the server through malware on a developer’s device. The Secure{Pockets} team has addressed the vulnerability and will soon issue a comprehensive incident report.
Former Binance CEO Changpeng Zhao criticized Secure{Pockets}’ statement, alleging that the team was minimizing the issue. Martin Köppelmann, CEO of Gnosis, which aids in the development of Secure{Pockets}, responded with a detailed explanation and announced new security measures already underway.
Nansen analysts monitored the movement of the stolen assets, revealing that the hackers divided the funds into 42 large wallets before dispersing them across thousands of smaller ones. The stolen assets are being laundered through DEXs, cross-chain bridges, and crypto mixers. According to Bybit’s official reports, by the end of February 2025, approximately $335 million had been laundered, while $900 million remains in the hackers’ wallets.
Max Krupyshev, CEO of CoinsPaid, commented on the situation for CP Media, highlighting that any system managing significant amounts becomes a target. He noted that the crucial factor is how swiftly the project team reacts to the breach, assists users, and implements measures to prevent future incidents. “Bybit demonstrated a responsible approach. First, the exchange quickly responded and did not suspend withdrawals, which is vital for user trust. Secondly, Bybit’s CEO communicates transparently with the market, which is a critical factor in crisis situations,” Max stated.
On February 21, 2025, Bybit experienced one of the largest hacks in cryptocurrency exchange history, with over $1.4 billion in assets stolen.
The post Lazarus Group Hacked Bybit Utilizing Secure{Pockets} Vulnerability first appeared on CoinsPaid Media.