The group has set its sights on various exchanges, including Phemex and Bybit, and they even attempted to deceive a BitMEX staff member by proposing a bogus project as a disguise for a phishing attempt to implant harmful software on the staff member’s device. However, BitMEX is now retaliating by delving into the malevolent code deployed by the hacker group.

BitMEX has unearthed serious loopholes that exchanges can leverage to safeguard their assets. This includes revealing the group’s tracking databases and originating IP addresses, which allows BitMEX to monitor its functioning hours and single out key players crucial to the group’s operations.

The BitMEX team has distinguished different levels for the hackers, ranging from novice hackers performing phishing tasks to experts assigned to conduct post-exploitation procedures. The BitMEX blog post proposes various real-time security breach detection measures, including an internal monitoring system for identifying infections.

BitMEX’s sudden interest in cybersecurity stems from a Lazarus Group member reaching out to a BitMEX employee on LinkedIn with a proposition to participate in a counterfeit NFT project. This audacious phishing attempt prompted BitMEX to probe deeper into the matter, which resulted in a chance to analyze live Lazarus code.

BitMEX researchers uncovered a Lazarus Supabase, which contained data related to the malware, such as username, hostname, operating system, geolocation, timestamp, and IP address. With this data, BitMEX identified various devices as either a developer or test machine based on their operational frequency.

While most of the developers utilized VPNs to conceal their location, one developer made an error revealing the actual IP address of the machine, which is located in Jiaxing, China. BitMEX considers this a significant lapse that could potentially unveil the hacker’s identity.

BitMEX has now developed a script to automatically analyze the Supabase and search for operational errors. After all, even hackers are prone to mistakes, which can prove to be their downfall. BitMEX’s astute analysis of Lazarus Group’s operations will continue to enhance their cybersecurity measures and protect their platform.

The post Unveiling Lazarus Group’s Secrets: BitMEX Developers Dive Deep into Hackers’ Database appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

One of the most substantial hacks in the month took place on May 22 on the Cetus decentralized exchange, leading to user losses of $223 million within a span of 24 hours. As per blockchain security firm Dedaub, hackers exploited a flaw in the most significant bits (MSB) check, which allowed them to manipulate the liquidity parameters and establish large positions instantly.

PeckShield and the Sui Network promptly froze $157 million in stolen funds, accounting for 71% of the total stolen amount. The second-largest exploit of the month was a $12 million attack on the DeFi platform, Cork Protocol. The attacker reportedly stole around 3,761 Wrapped Staked Ether (wstETH), which was later converted to Ether ETHUSD.

The remaining three of the top five hacks in May included a suspected DPRK-linked hack of $5.2 million, an MBU token exploit of $2.2 million, and a MapleStory Universe exploit resulting in a loss of $1.2 million.

This decline in crypto theft comes as the industry is stepping up its measures to fight against hackers. BitMEX’s security team discovered operational security gaps in the Lazarus Group, a North Korean state-sponsored cybercrime network, following a counter-operations investigation.

In the first quarter of 2025, over $1.63 billion in cryptocurrency was stolen, with the Bybit exploit accounting for more than 92% of the total losses. The industry saw over $87 million in crypto hacks in January, and a dramatic increase to $1.53 billion in February, largely due to the Bybit incident, marking one of the largest crypto thefts to date.

The post Crypto Theft Declines by 40% in May; $244M Targeted, Reports PeckShield appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

The primary suspects, North Korea’s Lazarus Group, have been trying to render the stolen funds untraceable. However, despite their attempts, over 88% of the stolen $1.4 billion remains traceable, according to Ben Zhou, Bybit exchange’s co-founder and CEO.

Zhou revealed in a post on March 20: “Of the total hacked funds which amount to 1.4 billion USD or around 500k ETH, 88.87% remain traceable, 7.59% have gone dark, 3.54% have been frozen.”

He further detailed that the majority of the funds were laundered through Bitcoin mixers and converted into Bitcoin across thousands of wallets.

A month after the hack, hope persists that a portion of these funds can be frozen and recovered by Bybit. The exchange has paid over $2.2 million to “bounty hunters” – ethical hackers and investigators who can provide relevant information leading to the freezing of the funds.

The Bybit incident underlines the vulnerability of even secure exchanges to sophisticated cyberattacks. “This incident is another stark reminder that even the strongest security measures can be undone by human error,” cautions Lucien Bourdon, an analyst at Trezor.

Surpassing the $600 million Poly Network hack in August 2021, the Bybit heist is now the largest crypto exchange breach to date.

The post Massive Bybit Hack: Over 88% of $1.4B Stolen Cryptocurrency Still Traceable appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

In a promising development for Ethereum, it gained more than 5.38% in the two days following February 21, the day Bybit was hacked, resulting in more than $1.4 billion in liquid-staked Ethereum (STETH) and other digital assets being stolen. This marks the biggest cryptocurrency theft in recorded history.

Ethereum’s rise may be partially credited to Bybit’s increased spot buying pressure, with the exchange purchasing over 106,498 Ethereum (ETH) worth $295 million in over-the-counter (OTC) trades after the hack, helping it recover almost half of its Ethereum supply prior to the hack.

Suspicions point to the North Korean Lazarus Group as the primary perpetrator of the $1.4 billion heist, indicating that the cybercrime unit might not immediately offload the stolen Ethereum. Currently, the Lazarus Group’s most well-known wallet holds over $83 million in cryptocurrencies, including $3.68 million in Ethereum, according to data from Arkham Intelligence.

This figure represents a minor portion of the estimated $1.34 billion worth of cryptocurrencies pilfered by North Korean hackers last year, accounting for 61% of all crypto thefts in 2024, as stated by Chainalysis data.

For Ethereum to reverse its falling trend of over two months, it must decisively cross the $3,000 threshold, says Vugar Usi Zade, chief operating officer at Bitget exchange. He explains, “While a clear breakout is yet to be seen, a decisive surpassing of the $2,700-$3,000 resistance area could set the stage for increased gains.”

Even amidst the short-term volatility, Ethereum’s basic value proposition remains “extremely robust,” says Marcin Kazmierczak, co-founder and COO of Redstone blockchain oracle solutions company. He believes that Ethereum’s fundamentals will eventually align with its market performance.

The declining Ethereum reserve on cryptocurrency exchanges is a positive sign for its price, adds Kazmierczak. Data from CryptoQuant indicates that Ethereum reserves on all exchanges dropped to 18.95 million on February 18, the lowest since July 2016 when Ethereum was trading at around $14.

However, Ethereum faces considerable resistance above the $2,900 and $3,000 mark. A potential rally above $3,000 could lead to over $623 million in leveraged short liquidations across all exchanges, as per CoinGlass data.

The post Will Ethereum Bounce Back to $3K Following Bybit’s Record $1.4B Hack? appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.