Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Pix🔎 Profile picture
Pix🔎
@PixOnChain
| WEB3 Researcher | Trend Spotter | Ambassador @Bubblemaps | Advisor @Mintify

Feb 21, 12 tweets

This is Lazarus

They just stole $1.46 billion from Bybit

And they didn’t break the code — they broke the people

Here’s untold story of how they did it (and why no one is truly safe) 👇

Lazarus is a state-backed North Korean hacking group

They’ve stolen billions from banks, crypto exchanges, and DeFi protocols

And now, they’ve pulled off the biggest crypto heist in history

But how? Well...

There was no code exploit.

No leaked private keys.

Bybit’s own multisig signers approved the transactions.

They thought they were signing a routine transfer.

Instead, they were handing over their entire cold wallet...

But that raises a terrifying question.

How did Lazarus know exactly who to target?

A multisig wallet requires multiple signers.

If even one refused to sign, the hack would fail.

But they all signed.

That means Lazarus didn’t just hack Bybit…

They knew who to manipulate

There are only a few ways to get that kind of information.

• Inside job – Someone leaked the signer list.
• Social engineering – Lazarus studied their emails & behavior.
• Device compromise – One or more signers were infected with malware.

This means other exchanges are at risk too...

Today Lazarus stole 0.42% of all Ethereum

It means they own

More than the Ethereum Foundation.

More than Vitalik Buterin.

And more than Fidelity.

But laundering that much ETH without detection isn’t easy...

In previous attacks, Lazarus has used:

• Bridging to other blockchains
• On-chain mixing services
• OTC trading via illicit brokers

Would they try the same tactics again?

Investigators quickly flagged the 53 wallets holding the stolen ETH.

Any attempt to cash out or swap funds would immediately raise red flags.

But Lazarus are in no hurry...

In 2022, Chainalysis found Lazarus still held $55M from hacks six years earlier.

They don’t cash out fast. They wait.

And no one has ever gotten their money back.

Not once.

Lazarus doesn’t negotiate. They don’t return funds.

So what happens to users?

Bybit’s CEO, Ben Zhou, addressed the crisis publicly:

• “Client funds are 1:1 backed.”

• “We have enough liquidity to cover withdrawals.”

• “All other wallets remain secure.”

So far, no bank run...

But this isn’t the first time this happened

And it won’t be the last.

So how do you stay safe? Follow these simple steps:

I hope you've found this thread helpful.

Follow me @PixOnChain for more.

Like/Retweet the first tweet below to spread awareness:

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling