Bybit has confirmed a record-breaking cryptocurrency heist, reporting that over $1.46 billion was stolen from one of its Ethereum cold wallets in a highly sophisticated cyberattack. The company stated that the breach occurred when a transaction from its ETH multisig cold wallet to a warm wallet was intercepted. According to Bybit, the attackers manipulated the signing interface, displaying the correct address while secretly altering the smart contract logic, ultimately allowing them to take control of the wallet and transfer funds to an unknown destination.

Bybit’s CEO, Ben Zhou, reassured users that all other cold wallets remain secure and that authorities have been notified. Though Bybit has not officially confirmed the perpetrators, blockchain analytics firms Elliptic and Arkham Intelligence attribute the attack to the notorious Lazarus Group. This incident surpasses previous major crypto thefts, including Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million), making it the largest crypto heist in history.

Cybersecurity researcher ZachXBT also linked the Bybit hack to a recent breach at Phemex, which took place late last month. The Lazarus Group, a North Korea-based hacking collective, is well known for orchestrating large-scale cryptocurrency thefts to generate funds for the heavily sanctioned regime.

In 2024 alone, the group is believed to have stolen approximately $1.34 billion across 47 separate crypto-related attacks, accounting for 61% of all digital assets stolen during the year, according to blockchain intelligence firm Chainalysis.

Google previously described North Korea as one of the world’s most dominant cybercriminal operations. The rise in cryptocurrency thefts is attributed to the high financial incentives, difficulties in tracing malicious actors, and the limited expertise many organizations have in handling cryptocurrency and Web3 technologies, as noted by Google-owned cybersecurity firm Mandiant.