PA Daily | North Korean hacker group Lazarus Group steals about $1.5 billion from crypto exchange Bybit; Coinbase has reached an agreement with the US SEC, which will withdraw the lawsuit without fines

Reprinted from panewslab
02/22/2025

Today's news tips:
1. Coinbase co-founder: reached an agreement with the US SEC, and withdrawal of the relevant lawsuit is expected to be officially approved next week
2. OpenSea CEO: US SEC is ending investigation into OpenSea
3. ZachXBT: Monitoring suspicious capital outflows of over $1.46 billion from Bybit
4. Bybit's stolen funds involved more than 400,000 ETH, more than 90,000 stETH, 15,000 cmETH and 8,000 mETH
5. Bybit CEO: Already received nearly 80% of stolen ETH from partners as bridge loans to alleviate liquidity tightening
6. Bybit CEO: All withdrawals have been processed, and a complete incident report and security measures will be released in the next few days.
7. Arkham: Bybit was attacked by North Korean hacker group LAZARUS GROUP
8. He Yi: Binance employees’ purchase and sale limit is 30 days, otherwise it will be considered a violation
9. Kanye: The current market is full of counterfeit coins, and will launch its own coins next week
Regulatory/Macro
Coinbase co-founder and CEO Brian Armstrong posted on X platform that after years of litigation, millions of taxpayer dollars spent, and irreparable damage caused to the country, Coinbase has reached an agreement with U.S. Securities and Exchange Commission staff to withdraw their lawsuit against Coinbase. Once approved by the Commission (which Coinbase was told will happen next week), it will be a complete withdrawal with zero fines and no changes in business.
1. The Securities and Exchange Commission made a legal mistake.
2. Submission to the SEC's request may lead to the decline of the crypto industry in the United States.
3. Litigation revocation is the right choice for Coinbase’s clients and industries.
Brian Armstrong said he looked forward to SEC reform under the leadership of Paul Atkins, Mark Uyeda, Hester Peirce and DOGE, and looked forward to new and smarter personnel entering leadership positions.
Coinbase Chief Legal Officer Paul Grewal posted on X platform that "case withdrawal" is a phrase that every defendant is eager to hear, and the U.S. Securities and Exchange Commission will drop the Coinbase case without any settlement or compromise: the error will simply be corrected. However, Coinbase still has a lot of work to do and cannot be distracted, and legislation is crucial to ensure that this illegal act does not happen again. Coinbase won't stop fighting until it secures the clear rules needed to make the industry really flourish in the United States. Collaboration will be key, and we look forward to working with the U.S. Congress and SEC staff to drive progress in the next phase.
Trump's review of U.S. gold reserves could drive money into Bitcoin
According to TheBlock, analysts say Trump's plan to audit the Fort Knox gold reserves could lead to stricter scrutiny of gold holdings, which could push investors to turn to Bitcoin: if gold ETFs cannot verify the entirety of their holdings, they may trade at a discount, resulting in global liquidity exhaustion and prompting re-allocation of funds into digital assets. In this case, gold outflows may be converted into Bitcoin inflows.
OpenSea CEO: US SEC is ending investigation into OpenSea
OpenSea CEO tweeted that the US SEC is ending its investigation into OpenSea. This is a victory for every creator and builder in this field. Trying to classify NFTs as securities would be a step backward, misinterpreting the law and hindering innovation.
Project News
BinaryX: $BNX will be renamed $Four, and holders can exchange new tokens at a 1:1 ratio
According to the official announcement, BinaryX has officially changed its name to Four. To ensure a smooth transition, $BNX will be renamed $Four, and all $BNX holders will be able to exchange their $BNX tokens for new $Four tokens at a ratio of 1:1. Further announcements will be issued in the future. The $Four token will keep the original maximum $BNX supply unchanged and maintain the original $BNX allocation pattern.
FTX creditor representative Sunil said on the X platform that many FTX claimants are currently from jurisdictions that are temporarily unable to participate in the distribution, including Russia, China, Egypt, Nigeria, and Ukraine, and FTX is reviewing relevant solutions. According to disclosed data, the number of users in the above jurisdictions is the largest, accounting for about 8%.
Andre Cronje announces Sonic vision, including fee subsidies, dynamic handling fees, etc.
Sonic Labs Andre Cronje posted on the X platform that Sonic's vision this year is quite simple:
· Fee monetization (90% of the fees will go to the application, not validators and MEVs)
· Fee subsidy (eliminates the handling fee barriers for users to enter)
· Dynamic handling fee (the application can set fees for users)
· Native economy and account abstraction (no wallet or handling fees required)
The above content mainly involves two points:
· Make it as easy as possible for users to try out the apps launched on Sonic (removing all barriers to entry and use)
· Help our app developers earn a lot of money
VanEck: Modeling of US strategic bitcoin reserves and publishing tools
Matthew Sigel, head of digital assets research at VanEck Research, posted on the X platform that the U.S. strategic bitcoin reserves may help offset national debt, and the agency has modeled it and published a tool on its website.
In response, Cynthia Lummis, chair of the U.S. Senate Banking Subcommittee on Digital Assets, said that the tool is cool and worth promoting, and that Bitcoin solves the problem of reducing Treasury bonds.
ZachXBT: Monitoring suspicious outflows of over $1.46 billion in Bybit
On-chain detective ZachXBT posted a statement saying that it had monitored the suspected outflow of more than US$1.46 billion in Bybit, and more information will be provided in the future. ZachXBT added that the source confirmed that this was a security incident.
Bybit co-founder Ben Zhou posted on the X platform: "About 1 hour ago, the Bybit ETH multi-signature cold wallet made a transfer to our hot wallet. It seems that this specific transaction was forged. All signers saw the forged UI, which showed the correct address; however, the signing message was to change the smart contract logic of our ETH cold wallet, which caused the hacker to take control of the specific ETH cold wallet we signed and transfer all ETH in the cold wallet to this unidentified address. Rest assured, all other cold wallets are secure and all withdrawals are normal. The community will be informed of more progress at any time, and it would be greatly appreciated if any team can help track the stolen funds."
Bybit posted on X platform that it detected an unauthorized activity involving an ETH cold wallet. When the incident occurred, the ETH multi-signature cold wallet was transferring money to the hot wallet. Unfortunately, the transaction was manipulated by a complex attack. The attack masks the signature interface and changes the underlying smart contract logic. As a result, an attacker can control the affected ETH cold wallet and transfer its assets to an unknown address.
The Bybit security team is actively investigating the incident with blockchain forensic experts and partners, and any team with expertise in blockchain analytics and fund recovery and who can assist in tracking these assets is welcome to collaborate. Bybit said that all other Bybit cold wallets are absolutely secure, all customer funds are safe, operations are going on as usual, without interruption, and updates will be provided as soon as possible.
According to Onchain Lens, ZachXBT detected a security incident at Bybit in which $1.44 billion of funds were withdrawn, including:
- 401,347 $ETH, worth $1.12 billion;
- 90,376 $stETH, worth $253.16 million;
- 15,000 $cmETH, worth $44.13 million;
- 8,000 $mETH, worth $23 million.
Bybit CEO: Even if hacker losses cannot be recovered, all customer assets have 1:1 support
Bybit CEO Ben Zhou said Bybit is solvent and that even if hacker losses cannot be recovered, all customer assets have 1:1 support and can be compensated.
Arkham: Bybit was attacked by North Korean hacker group LAZARUS GROUP
Arkham issued an announcement stating that on-chain detective ZachXBT submitted conclusive evidence to its platform that the attack on Bybit was carried out by North Korean hacker group LAZARUS GROUP. His report includes detailed analysis of test transactions and connected wallets used before exploitation, as well as multiple forensic charts and timing analysis. Submissions have been shared with the Bybit team to support their investigation.
Binance's CZ responded to Bybit CEO Ben Zhou on X platform, saying: "This is not an easy situation to deal with. The possible advice is to temporarily stop all withdrawals as a standard security precaution. If necessary, any help will be provided."
SlowMist's Cosine disclosed some details of the Bybit Safe multisig incident on X platform:
- The malicious implementation contract was deployed at UTC 2025-02-19 7:15:23: 0xbDd077f651EBe7f7b3cE16fe5F2b025BE2969516
- The attacker signed a transaction to replace the Safe implementation contract with the malicious contract using three owners at UTC 2025-02-21 14:13:35: 0x46deef0f52e3a983b67abf4714448a41dd7ffd6d32d32da69d62081c68ad7882
- The malicious upgrade logic is embedded in STORAGE[0x0] through DELEGATECALL: 0x96221423681A6d52E184D440a8eFCEbB105C7242
- The attacker then uses the backdoor functions sweepETH and sweepERC20 in the malicious contract to extract assets in the hot wallet.
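The disclosure above describes a signed Safe transaction whose operation was DELEGATECALL and whose effect was to overwrite the implementation address in storage slot 0. The following is an added example, not code from the original report, Safe or Bybit: it decodes raw `execTransaction` calldata independently of any wallet UI and flags a DELEGATECALL to a target outside a pinned allowlist, plus a slot 0 comparison for monitoring. The function names and the two placeholder addresses are assumptions made for illustration.

```python
# Added example, not Safe's or Bybit's code: decode a Safe execTransaction
# payload before signing and flag DELEGATECALL to targets outside an allowlist.
EXEC_TX_SELECTOR = bytes.fromhex("6a761202")  # Safe execTransaction(...)
OP_CALL, OP_DELEGATECALL = 0, 1


def _word(buf: bytes, offset: int) -> bytes:
    chunk = buf[offset:offset + 32]
    if len(chunk) != 32:
        raise ValueError("truncated calldata")
    return chunk


def decode_exec_transaction(calldata: bytes) -> dict:
    """Return to, value, data and operation (the first four ABI arguments)."""
    if calldata[:4] != EXEC_TX_SELECTOR:
        raise ValueError("not a Safe execTransaction call")
    args = calldata[4:]
    data_off = int.from_bytes(_word(args, 64), "big")
    data_len = int.from_bytes(_word(args, data_off), "big")
    data = args[data_off + 32:data_off + 32 + data_len]
    if len(data) != data_len:
        raise ValueError("truncated inner data")
    return {"to": "0x" + _word(args, 0)[12:].hex(),
            "value": int.from_bytes(_word(args, 32), "big"),
            "data": data,
            "operation": int.from_bytes(_word(args, 96), "big")}


def review(calldata: bytes, delegatecall_allowlist: set) -> list:
    """Findings a signer should see regardless of what the wallet UI shows."""
    tx = decode_exec_transaction(calldata)
    if tx["operation"] == OP_CALL:
        return []
    if tx["operation"] != OP_DELEGATECALL:
        return [f"invalid operation value {tx['operation']}"]
    if tx["to"] in delegatecall_allowlist:
        return []
    return [f"DELEGATECALL to non-allowlisted {tx['to']}: the callee runs in "
            "the Safe's storage context and can overwrite slot 0"]


def implementation_changed(slot0_word: str, expected_singleton: str) -> bool:
    """Compare eth_getStorageAt(safe, 0) with the pinned implementation address."""
    current = int(slot0_word, 16) & ((1 << 160) - 1)
    return current != int(expected_singleton, 16)


def build_sample(to: str, operation: int, inner: bytes = b"") -> bytes:
    """Constructed input: execTransaction with zero gas fields, no signatures."""
    u256 = lambda n: n.to_bytes(32, "big")
    data_tail = u256(len(inner)) + inner + b"\x00" * (-len(inner) % 32)
    head = [u256(int(to, 16)), u256(0), u256(320), u256(operation)]
    head += [u256(0)] * 5 + [u256(320 + len(data_tail))]
    return EXEC_TX_SELECTOR + b"".join(head) + data_tail + u256(0)


ALLOWED = "0x" + "11" * 20   # constructed placeholder, e.g. a vetted library
UNKNOWN = "0x" + "22" * 20   # constructed placeholder
```

Running `review()` on the bytes a hardware signer is actually asked to sign, on a machine separate from the one rendering the wallet UI, is what makes the check independent of a forged interface.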
Bybit's latest financial audit proves that it has sufficient reserves to cover user assets
Hacken, a Web3 audit agency partnered by Bybit, released a certificate of reserve update, saying that today's hacking attacks are huge and have dealt a heavy blow to the industry. But Bybit's reserves still exceed its liabilities. As its independent PoR auditor, we have confirmed that user funds are still fully supported. This means Bybit has enough reserves to cover all user assets, solvency remains the same, and security and transparency remain top priorities.
Bybit CEO Ben then replied that Hacken conducted an audit of our finances, which can prove that we can use our finances to compensate our customers’ losses.
Data: The total outflow of Bybit today is US$2.235 billion
According to DefiLlama data, Bybit's total outflow today was $2.235 billion, including funds hacked. Even so, they still have over $14 billion of on-chain verified assets, including $5.944 billion in BTC. Previous news, Bybit's latest financial audit proved that it has sufficient reserves to cover user assets.
According to Theblock, Bybit co-founder and CEO Ben Zhou said that all withdrawals from customers will be processed after a $1.4 billion hack. Instead of buying Ethereum, the company relies on partners’ bridge loans, a short-term loan to help entities transition. “In fact, we have received nearly 80% of the stolen Ether as a bridge loan to provide us with liquidity and help us solve liquidity tightening so we can get through this critical period.”
Bybit confirmed that the company lost $1.4 billion after its multi-signature cold wallet was hacked; an expert called it "the largest cryptocurrency theft ever."
Previous news, 39,998 ETH was transferred from BitGet to Bybit. Coinbase director Conor Grogan tweeted that Binance and Bitget will deposit more than 50,000 ETH directly into Bybit's cold wallet, of which Bitget's deposit is 1/4 of all ETHs on the exchange.
Bybit CEO Ben Zhou said that since the hacker attack (10 hours ago), Bybit has experienced the most withdrawals ever, receiving more than 350,000 withdrawal requests in total, and so far about 2,100 withdrawal requests are pending. Overall, 99.994% of withdrawals have been completed.
Despite the worst hacks ever (banking, cryptocurrency, finance), all Bybit features and products are still running, and the entire team stayed up all night, processing and answering customer questions and concerns. All staff are on standby.
One hour ago, the 15,000 cmETH unstaking application from Bybit hacker was returned
According to on-chain analyst Ember Monitor, 1 hour ago, the Bybit hacker's 15,000 cmETH unstaking application was returned by a cmETH withdrawal contract. Then the hacker authorized the transaction of cmETH on DODO, but there was no further transaction, perhaps because the liquidity pool of cmETH is very shallow. These 15,000 cmETHs should be intercepted. In addition to these 15,000 cmETHs, Bybit's stolen ETHs are 499,000 (US$1.37 billion), and are scattered by hackers at 51 addresses.
CZ: Binance does not deliver liquidity to Bybit, which may be some whale behavior
In response to the community's voice about Binance sending liquidity to Bybit, CZ said that it could not take credit, and it might be that some whales lend money to Bybit.
MEXC hot wallet transfers 12,652 stETH to Bybit cold wallet in the past hour
According to on-chain analyst Ember Monitoring, a MEXC hot wallet directly transferred 12,652 stETH ($33.75M) to a Bybit cold wallet in the past hour. Bybit should have received 64,452 ETH ($170.73M) in loan support so far, from Bitget, an institution that withdrew funds from Binance, and MEXC.
Multisig wallet protocol Safe tweeted that, according to ByBit, the transaction information displayed by the Safe{Wallet} UI is correct, but a malicious transaction with all valid signatures was executed on the chain. Safe's investigation so far shows:
- No code base vulnerability found: The Safe code base was thoroughly examined and no evidence of vulnerability or modification was found.
- No malicious dependencies found: There is no indication that there is a malicious dependency (i.e., supply chain attack) in the Safe code base that affects transaction flow.
- Unauthorized access to the infrastructure was not detected in the log.
- No other Safe addresses were affected
As mentioned earlier, Safe has temporarily suspended the Safe{Wallet} function to ensure the absolute security of the platform. Although the investigation found no evidence of the attack on the Safe{Wallet} front-end itself, a thorough review is underway.
Bybit CEO Ben Zhou said 12 hours have passed since the worst hack in history. All withdrawals have been processed. The withdrawal system has now fully returned to normal speed, and users can withdraw any amount without any delay.
Bybit will release a complete incident report and security measures in the coming days. Ben Zhou will also personally inform you of any new updates. Thank you for helping and supporting all of our customers, friends and partners during this difficult 12 hours.
Cross-chain bridge Chainflip responds to the Bybit CEO's request on the X platform. It stated: It has tried its best to deal with it, but as a decentralized protocol, it cannot completely block, freeze or redirect any funds. However, some front-end services have been closed to prevent capital flows.
Previous news: Bybit CEO Ben Zhou tweeted that some of the funds had been transferred to Chainflip, calling for the prevention of conversion to other chains, and a bounty plan will be released in the future.
Viewpoint
Fox Business reporter Eleanor Terrett posted on X platform that legal professionals who spoke to her believe that the SEC is trying to reach a settlement rather than directly dismissing the lawsuit, to "prove" that the millions in taxpayer money spent were reasonable and to save some face. In addition, Hester Peirce and Mark Uyeda, two SEC commissioners, did inform Coinbase that it was a real heavy blow to the SEC's enforcement system under Gensler and Biden.
Binance co-founder He Yi stated on the X platform that Binance employees’ purchase and sale limit is 30 days: they may sell only 30 days after buying, otherwise it will be considered a violation. This move indirectly led to employees holding BNB together. Later, many employees became rich and lost their hunger after being passively rich. At present, new forces are needed, and they are also reflecting on the policy overcorrection.
Bitget CEO Gracy tweeted that Bybit is a respected competitor and partner. Although the loss this time is huge, it is their profit for a year. I believe that the customer funds are 100% safe, and there is no need to panic or run. It then added that the assets lent to Bybit are Bitget's own and the user's assets will not move.
Kanye: The current market is full of counterfeit coins, and will launch its own coins next week
American producer and rapper Ye (Kanye West) tweeted that all Ye-related memes on the market are fake and will launch their own coins next week.
Important data
Memecoin fraud erodes community trust, Solana’s on-chain user activity drops nearly 40% in February
According to Cointelegraph, Memecoin fraud is weakening community trust, especially the Libra token incident, resulting in a significant decline in Solana user activity. In February, the number of active addresses on the network fell to an average of 9.5 million per week, down nearly 40% from the 15.6 million active addresses in November 2024. As confidence in Solana weakens, multimillion-dollar cryptocurrencies are moving from Solana to other blockchains, suggesting that potential capital outflows may have a net positive impact on the long-term growth of the blockchain.
Grayscale transfers 3760 ETH to Coinbase Prime hot wallet address, worth $10.67 million
According to Arkham monitoring data, about 15 minutes ago, Grayscale transferred 3,760 ETH to the Coinbase Prime hot wallet address, worth US$10.67 million. Monitoring shows that these ETHs are Coinbase Prime Deposit addresses transferred from Grayscale Ethereum Exchange-traded funds to Grayscale, and then transferred to hot wallets.
Bybit hackers surpass Fidelity and Vitalik to become the 14th largest ETH holder in the world
Coinbase Director Conor Grogan disclosed data on X platform showing that the Bybit hackers (probably from North Korea) have become the 14th largest ETH holder in the world, currently holding about 0.42% of the total supply of Ethereum tokens, exceeding the ETH holdings of Fidelity and of Ethereum co-founder Vitalik Buterin, and more than twice the Ethereum Foundation's ETH holdings.
Data: Bybit's capital inflow exceeded US$4 billion in the past 12 hours, covering all stolen funds
According to SoSoValue statistics and the latest monitoring data from the on-chain security team TenArmor, the Bybit trading platform has seen inflows of more than US$4 billion in the past 12 hours, including 63,168.08 ETH, US$3.15 billion in USDT, US$173 million in USDC and US$525 million in CUSD.
According to the comparative capital inflow data, this capital inflow has completely covered the capital losses caused by yesterday's hacker attack. At the same time, all services of Bybit Exchange, including cash withdrawal function, have returned to normal.
According to on-chain analyst Ember Monitoring, the Bybit hackers have begun using cross-chain exchange tools to exchange ETH for other assets on other chains. After the hacker dispersed 5000 ETH to multiple addresses 40 minutes ago, he has laundered 205 ETH through Chainflip.