There was no code exploit. No leaked private keys. Bybit’s own multisig signers approved the transactions. They thought they were signing a routine transfer. Instead, they were handing over their entire cold wallet...

This is Lazarus They just stole $1.46 billion from Bybit And they didn’t break the code — they broke the people Here’s untold story of how they did it (and why no one is truly safe) 👇

Lazarus is a state-backed North Korean hacking group They’ve stolen billions from banks, crypto exchanges, and DeFi protocols And now, they’ve pulled off the biggest crypto heist in history But how? Well...

But that raises a terrifying question. How did Lazarus know exactly who to target? A multisig wallet requires multiple signers. If even one refused to sign, the hack would fail. But they all signed. That means Lazarus didn’t just hack Bybit… They knew who to manipulate

There are only a few ways to get that kind of information. • Inside job – Someone leaked the signer list. • Social engineering – Lazarus studied their emails & behavior. • Device compromise – One or more signers were infected with malware. This means other exchanges are at risk too...

Today Lazarus stole 0.42% of all Ethereum It means they own More than the Ethereum Foundation. More than Vitalik Buterin. And more than Fidelity. But laundering that much ETH without detection isn’t easy...

In previous attacks, Lazarus has used: • Bridging to other blockchains • On-chain mixing services • OTC trading via illicit brokers Would they try the same tactics again?

Investigators quickly flagged the 53 wallets holding the stolen ETH. Any attempt to cash out or swap funds would immediately raise red flags. But Lazarus are in no hurry...

In 2022, Chainalysis found Lazarus still held $55M from hacks six years earlier. They don’t cash out fast. They wait. And no one has ever gotten their money back. Not once. Lazarus doesn’t negotiate. They don’t return funds. So what happens to users?

Bybit’s CEO, Ben Zhou, addressed the crisis publicly: • “Client funds are 1:1 backed.” • “We have enough liquidity to cover withdrawals.” • “All other wallets remain secure.” So far, no bank run...

But this isn’t the first time this happened And it won’t be the last. So how do you stay safe? Follow these simple steps:

I hope you've found this thread helpful. Follow me @PixOnChain for more. Like/Retweet the first tweet below to spread awareness:

Tired of prop firms spying on your trades? At Elite Trader Funding, we respect your privacy. No shady practices, no hidden agendas—just clear, consistent rules for everyone. Whether you’re on day one or day 100, every trader is treated the same.

Which routine transfers? Why would you do routine transfers using the multisig that is there to only store end-user assets. Now I get what a warm wallet is. Its a cold wallet that gets controlled by a 12 year old