"Join us in war against Lazarus," he wrote on X on Feb. 25 with a link to his bounty website. He specifically named the hacker group Lazarus as the attackers who stole $1.46 billion in the largest ever crypto-related attack.
"The stolen funds have been transferred to untraceable or freezeable destinations, such as exchanges, mixers an bridges, or converted into stablecoins that can be frozen," the bounty website says.
To become a bounty hunter, Zhou writes, participants can connect their wallet to the bounty website, help trace the stolen funds and report them to the Bybit team. For every tip that leads to where the stolen funds are stashed, tippers are awarded 5% of the stash’s value; the platforms that freeze those funds are awarded 5% as well.
Ben Zhou, CEO of crypto exchange Bybit. Photo by X/@benbybit
Generally, on a blockchain, identifying attackers is very difficult. However, every wallet address is unique and can be traced via public transaction information. Attackers can cover their tracks only with tools called "mixers," which obscure transaction details.
In his X post, Zhou said he has dedicated a team to maintaining and updating the bounty website. "We will not stop until Lazarus or bad actors in the industry are eliminated," he claimed. "In future we will open it up to other victims of Lazarus as well."
After the Feb. 21 attack Zhou explained that his exchange stores crypto funds in a multisig cold wallet -- "multisig", short for multiple signatures, means any action involving the wallet needs confirmation from multiple individuals, and cold means it is disconnected from the internet.
Before the incident the Bybit team made a transfer from its cold wallet to its hot wallet, having verified the addresses. Meanwhile, the hackers had intervened to change the logic within the underlying smart contract, so when the Bybit team approved the transaction, they ended up giving away permissions to the hackers.
The incident immediately caused a wave of withdrawals from Bybit due to users’ worries about illiquidity, and $5.5 billion worth of assets exited the exchange in a short amount of time. In a live stream held to share more information about the incident as well as resolutions, Zhou said the cash flow has since stabilized. Bybit can cover payments to users even if it cannot recover the stolen funds, he added.
After the hack, security detective ZachXBT traced the attack to Lazarus. Responding to U.S. business news channel CNBC, blockchain analytics firm Elliptic also said the hack could be linked to this infamous group. The U.S.’s Federal Bureau of Investigation alleges that the group is based in North Korea.
Blockchain data platform Chainalysis said this is not the first time Lazarus has targeted crypto systems. In 2021 it is alleged to have carried out at least seven attacks, stealing $400 million in crypto in total. In 2022 it was behind the attack on the Ronin bridge in the video game Axie Infinity, stealing over $600 million. Previously, it was identified as the perpetrator of the KuCoin attack, the WannaCry malware and the cyberattack on Sony Pictures.
In recent days Zhou garnered controversy for refusing to list the Pi cryptocurrency on Bybit. Early on Feb. 21, the day of the hack, he posted a warning implying that Pi Network was a scam, which its representatives later denied.