Bybit Hackers Laundered $113 Million in 24 Hours

The hackers have another 363,900 ETH (~$900 million) stored at their address.

If they continue at the same rate, the remaining assets will be withdrawn within 8-10 days.

The total amount laundered has reached 135,000 ETH (~$335 million).

Beosin researchers reported that the Bybit hacker started using Maya Protocol to transfer stolen assets.

Bybit CEO Ben Zhou announced the launch of a website to track the activities of the North Korean hacker group Lazarus Group, which Arkham Intelligence experts linked to the platform hack. He called the initiative a “bounty hunt.”

The resource collects information about laundering schemes, and also offers mechanisms to combat attackers.

Users can connect their wallets and join the search for illegal funds. If assets are successfully blocked, the reward is paid automatically.

“Freezers” receive 5% of each bounty. The platform also provides ratings of bona fide participants in the crypto industry.

In the future, the platform plans to add tools for regulators and balance tracking on “live” Lazarus wallets. It promises not to stop until the actions of the hackers and their partners are completely stopped.

What Caused The Bybit Hack – The Largest In History?

“Incorrect EVM design” was the cause of the Bybit hack. This is the conclusion reached by Blockstream co-founder and cypherpunk Adam Back.

According to the exchange’s official statement, the incident occurred while ETH was being transferred from cold multisig storage to a hot wallet.

Attackers tampered with the transaction signing interface so that all participants in the procedure saw the correct address. At the same time, the logic of the smart contract was changed and the hackers gained control of the Ethereum wallet.

“EVM can drop to zero and nobody cares. The problem is that the Ethereum Virtual Machine hurts trust in the ecosystem, which unfairly reflects on bitcoin,” the expert pointed out.

Back called the EVM “complex, fragile and insecure.”

“They’ve been losing billions a year for several years in a row […]. It’s been zero days since the nine-figure loss on ETH,” he complained.

According to Back, the Bybit incident has nothing to do with the security of hardware wallets, but stems from how difficult it is to correctly verify a transaction on the EVM.

Unlike the second most capitalized cryptocurrency, bitcoin’s ecosystem is devoid of such vulnerabilities, he added.

“The whole point of HWW [hardware wallets] is to verify on the device screen how much you’re paying and to what address. That doesn’t work with ETH because of the complexity of the EVM and the size of the state. Therein lies the problem. ETH on HWW didn’t even display addresses for Bybit,” the Blockstream co-founder explained.

In an interview with Cointelegraph, Hacken CEO Dima Budorin questioned the validity of Back’s claims. In his opinion, the challenge lies in the vulnerabilities and complexities of using multisig wallets, which are common to all ecosystems, including bitcoin.

“Even similar systems in digital gold, while simple, remain susceptible to risks like human error, phishing or advanced attacks focusing on signatories’ devices and workflows,” he explained.

Global Ledger co-founder Lex Fisun supported Budorin.

The specialist stated that only one ETH address was hacked in the Bybit incident. He suggested that this was possible because of “operational security weaknesses around cold wallet transfers rather than a fundamental flaw in the EVM.”

“The exploit may have originated in the virtual machine, but we cannot confirm this at this time,” he pointed out.

Bybit declined to comment on whether it believes the EVM played a role in the security breach.

As a reminder, Arkham Intelligence experts linked the incident to the North Korean Lazarus Group.

Source: https://coinpaper.com/7699/bybit-hackers-laundered-113-million-in-24-hours