PRISON TWEET PUMPS PRICE! North Korean Hackers and Bybit hack, Korean Exchange BANNED, and more!

How SBF's first tweet in 2 years caused a 30% token surge, Bybit's emergency $104M loan to save customers, South Korea's hammer drops on Upbit, and the step-by-step playbook of North Korea's $1.46B crypto theft!

Hey there, PoI readers! 💫

It's your favorite crypto connoisseur, Mochi, back with another serving of tantalizing tech and web3 news. Today we're diving into SBF's surprising social media return, Bybit's impressive recovery from a massive hack, South Korea's regulatory crackdown on Upbit, and a fascinating breakdown of how North Korean hackers pulled off one of crypto's biggest heists. So grab your favorite beverage and settle in for today's digital digest!

INTEL BRIEF

🟧 Former FTX CEO Sam Bankman-Fried posted on X for the first time since his sentencing, causing a brief 30% pump in FTX Token despite having no direct relation to the exchange.

🟧 Bybit swiftly repaid a 40,000 ETH loan from Bitget within three days after suffering a massive $1.4 billion hack allegedly orchestrated by North Korea's Lazarus Group.

🟧 South Korea's Financial Intelligence Unit imposed a three-month restriction on Upbit for new customers' crypto transactions due to violations of regulations regarding unregistered service providers.

🟧 Chainalysis has revealed how the Lazarus Group stole $1.46 billion from Bybit through social engineering and contract manipulation, with $40 million of stolen funds already frozen.

SBF tweets from prison and triggers FTX Token pump

SBF, currently enjoying his 25-year all-inclusive stay at Brooklyn's Metropolitan Detention Center, broke his silence on February 25th with a post that had absolutely nothing to do with cryptocurrency. Instead, he offered a sympathetic nod to government employees, noting he too hasn't "checked his email in a few hundred days."

The fallen crypto mogul continued his return to social media with some philosophical musings on the challenges of firing people, stating it "sucks for everyone involved" and that often "the company just doesn't have the right job for them." This profound wisdom was seemingly directed at Elon Musk's recent email campaign through the US Department of Government Efficiency, where government workers were asked to respond with their weekly accomplishments or risk unemployment.

Despite SBF's post having literally zero connection to the operations of the now-defunct FTX exchange, traders apparently got so excited about seeing their old friend's avatar that FTX Token (FTT) surged from $1.63 to over $2 – a whopping 30% increase! This financial euphoria lasted approximately as long as most New Year's resolutions, with the token retreating to $1.75 within about 30 minutes.

FTT is still down more than 97% from its all-time high of $85.02 in September 2021, before the exchange spectacularly imploded in November 2022.

SBF's last post before his recent return was on January 19, 2023, regarding his drafted congressional testimony. He also retweeted a post from crypto lawyer James Murphy discussing legal matters related to his trial.

FTT saw a surge in value after former FTX CEO Sam Bankman-Fried posted on X for the first time in two years. Source: CoinMarketCap

Meanwhile, according to anonymous sources reported by Bloomberg News, SBF's parents are apparently seeking a presidential pardon for their son, meeting with lawyers and figures close to the Trump administration. This comes after President Trump recently pardoned Silk Road founder Ross Ulbricht, who had served 11 years of a double life sentence.

Sam Bankman-Fried posted on X for the first time since his sentencing, discussing firing employees and government efficiency rather than crypto
FTX Token (FTT) briefly pumped 30% following the post before quickly returning to near previous levels
SBF's parents are reportedly seeking a presidential pardon for their son who is currently serving a 25-year sentence

Bybit repays 104 million dollar emergency loan after massive hack

North Korea's notorious Lazarus Group. Despite having their digital pockets picked for over a billion dollars, Bybit managed to keep its cool, replenishing stolen assets and maintaining operations with minimal disruption.

Bybit temporarily borrowed 40,000 ETH (worth approximately $104 million) from Bitget to ensure customer withdrawals continued smoothly. This financial lifeline was confirmed by blockchain sleuth Lookonchain on February 22nd.

In a heartwarming display of crypto solidarity that would make even the most hardened blockchain skeptics shed a tear, Bitget CEO Gracy Chen confirmed on February 25th that Bybit had fully repaid the loan, emphasizing the no-strings-attached nature of the transaction:

"No interest, no collateral—this was simply about supporting a peer in need. Great to see Bybit fully recovered, and we never doubted the return of the loan."

Bybit's recovery efforts were nothing short of impressive, with the exchange receiving approximately 446,870 ETH (around $1.23 billion) through a combination of loans, whale deposits, and asset purchases according to Lookonchain. This accounted for nearly 88% of the stolen funds.

The loan ensured customers could withdraw funds without interruption, though that didn't stop nervous investors from pulling out more than $5 billion on February 22nd alone. Despite this massive exodus, proof-of-reserve auditor Hacken confirmed that Bybit's reserves still exceed its liabilities and user funds remain fully backed.

Meanwhile, crypto detective ZachXBT linked the Bybit exploit to North Korea's Lazarus Group, earning himself a bounty of 50,000 Arkham tokens for his investigative work. Security analysts suspect the stolen funds may soon be making their way through cryptocurrency mixing services – the digital equivalent of a money laundering car wash – a favorite tactic of the Lazarus Group to cover their tracks.

Bybit repaid a 40,000 ETH ($104 million) interest-free, no-collateral loan from Bitget within three days of suffering a $1.4 billion hack
The exchange managed to recover nearly 88% of stolen funds through loans, whale deposits, and asset purchases
North Korea's Lazarus Group is believed to be behind the attack, with investigators tracking potential connections to previous exchange hacks

South Korean regulators ban Upbit from accepting new customers

The FIU dropped this regulatory bombshell on February 25th, imposing a three-month restriction on cryptocurrency deposits and withdrawals for new Upbit customers. This digital detention comes in response to Upbit's apparent inability to follow South Korea's "don't play with sketchy friends" policy - specifically, the exchange violated regulations that prohibit facilitating transactions with unregistered crypto asset service providers (CASPs).

Upbit, trying its best to look contrite, quickly posted an apologetic statement on its website, essentially saying "our bad, we're working on it" to customers who might be inconvenienced by this regulatory slap on the wrist.

In its public mea culpa, Upbit admitted that the FIU's sanctions prevent new customers from transferring crypto assets based on findings from on-site inspections conducted earlier this year. However, the exchange was quick to point out that they've already "reviewed the necessary improvements" and "completed the measures" in response to the financial authorities' concerns.

Upbit emphasized that some "specific facts and circumstances" weren't fully considered when determining the scope of sanctions, suggesting that amendments might be possible:

"The sanctions imposed this time may be subject to change through procedures in accordance with relevant regulations, and if the effect of the relevant measures is suspended or terminated, new members will also be able to use Upbit's services without restrictions."

The exchange promised to keep users updated if it manages to convince authorities to soften the punishment. Translation.

This three-month partial business suspension follows local reports that the FIU had notified Upbit in January about possible punitive measures related to alleged Know Your Customer (KYC) violations. South Korean regulators previously reported in November 2024 that they had identified up to 600,000 breaches in Upbit's client identification procedures.

Founded in 2017, Upbit has established itself as one of South Korea's largest crypto exchanges, currently ranking as the 23rd top global exchange by trust score on CoinGecko. However, since January, Upbit's daily trading volumes have plummeted by approximately 70%, now standing at $4.6 billion.

Upbit ranks as the largest centralized crypto exchange in South Korea. Source: CoinGecko

South Korea's Financial Intelligence Unit (FIU) imposed a three-month restriction on Upbit, preventing new customers from making crypto deposits and withdrawals
The sanctions were issued for Upbit's violations of regulations prohibiting transactions with unregistered crypto asset service providers
Upbit claims the sanctions may be subject to change and comes amid allegations of up to 600,000 KYC violations, while the exchange has seen a 70% drop in trading volume since January

Blockchain sleuths expose how hackers stole 1.46 billion from Bybit

The February 21st cyber robbery, which security platform Blockaid has crowned the largest exchange hack ever (a title no one wants to win), involved enough ETH and other tokens to fund several small countries. Blockchain sleuth ZachXBT was quick to point the finger at North Korea's Lazarus Group, a conclusion Chainalysis confirmed in their February 24th exposé of the digital break-in.

According to Chainalysis, the hackers followed what they call a "common playbook" – think Ocean's Eleven but with more keyboards and fewer George Clooneys. The attack kicked off with good old-fashioned phishing targeting Bybit's cold wallet signers. Once they had their digital foot in the door, the attackers gained access to Bybit's user interface and pulled off the crypto equivalent of a highway detour sign swap – replacing a legitimate multisignature wallet implementation contract with their own malicious version.

With their trap set, the hackers waited for the perfect moment – intercepting a routine transfer from Bybit's Ethereum cold wallet to a hot wallet. Instead of reaching its intended destination, approximately 401,000 ETH worth $1.46 billion was rerouted to the attackers' addresses.
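
A defensive check for the contract swap described above, as an added example that is not from Chainalysis, Bybit or this newsletter's sources. It assumes a proxy-style wallet that keeps its implementation address in a single storage slot; the slot number, addresses and block numbers are constructed.

```python
# Added example: monitor the implementation pointer of a proxy-style wallet.
# Assumption: the wallet is a proxy that keeps its implementation address in
# one storage slot (slot 0 here); all addresses and blocks are constructed.

IMPL_SLOT = 0
APPROVED_IMPLS = {"0x" + "11" * 20}  # constructed allowlist

# Constructed snapshots: (block number, {slot: 32-byte storage word as hex})
SNAPSHOTS = [
    (100, {0: "0x" + "00" * 12 + "11" * 20}),
    (101, {0: "0x" + "00" * 12 + "11" * 20}),
    (102, {0: "0x" + "00" * 12 + "ab" * 20}),  # pointer replaced
    (103, {}),                                  # slot missing from snapshot
]

def word_to_address(word):
    """Extract the 20-byte address from a left-padded 32-byte storage word."""
    raw = bytes.fromhex(word[2:] if word.startswith("0x") else word)
    if len(raw) != 32:
        raise ValueError("storage word must be 32 bytes")
    if any(raw[:12]):
        raise ValueError("upper 12 bytes are not zero; not a plain address")
    return "0x" + raw[12:].hex()

def audit_implementation(snapshots, slot=IMPL_SLOT, approved=APPROVED_IMPLS):
    """Return (block, severity, detail) for each unapproved or changed pointer."""
    findings, previous = [], None
    for block, storage in snapshots:
        if slot not in storage:
            findings.append((block, "unknown", "slot not captured"))
            continue
        impl = word_to_address(storage[slot])
        if impl not in approved:
            findings.append((block, "critical", f"unapproved implementation {impl}"))
        elif previous is not None and impl != previous:
            findings.append((block, "warning", f"implementation changed to {impl}"))
        previous = impl
    return findings

def signing_allowed(snapshots, **kw):
    """Fail closed: signers proceed only if the latest snapshot is clean."""
    latest = snapshots[-1:]
    return bool(latest) and not audit_implementation(latest, **kw)

if __name__ == "__main__":
    for finding in audit_implementation(SNAPSHOTS):
        print(finding)
```

The gate fails closed: a snapshot that does not contain the slot blocks signing just as an unapproved address does.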

Chainalysis Reactor graph showcasing the complexity of Bybit exploiter’s laundering methods. Source: Chainalysis

The stolen digital treasure was then split across multiple intermediary wallets in what Chainalysis described as a deliberate strategy to muddy the waters:

"The stolen assets were then moved through a complex web of intermediary addresses. This dispersion is a common tactic used to obfuscate the trail and hinder tracking efforts by blockchain analysts."

Not content with just ETH, the hackers converted portions of their ill-gotten gains into Bitcoin and Dai, using decentralized exchanges, crosschain bridges, and an instant swap service with no Know Your Customer (KYC) requirements to hop between different networks.

Currently, much of the stolen funds remain dormant across multiple addresses – a waiting game that Chainalysis says is typical of North Korean hackers who aim to "outlast the heightened scrutiny" following high-profile breaches.

In a silver lining to this crypto cloud, blockchain's inherent transparency has allowed cybersecurity firms to track the hackers' movements. Chainalysis has already collaborated with industry contacts to freeze over $40 million of the stolen funds and pledges to continue working with both public and private sectors to recover as much as possible.

The firm emphasized that this massive heist highlights the critical need for exchanges to invest in threat prevention and clearly articulate to both regulators and users how they protect customer funds. In other words: maybe don't keep $1.46 billion behind a phishable door.

North Korea's Lazarus Group stole $1.46 billion from Bybit by phishing cold wallet signers and replacing a multisignature wallet contract with a malicious version
The hackers distributed stolen funds across multiple wallets and converted ETH to other cryptocurrencies using DEXs and crosschain bridges with no KYC requirements
Collaborative security efforts have already frozen $40 million of the stolen funds, with Chainalysis emphasizing the need for better threat prevention and transparency in fund protection

And that's a wrap, my lovely PoI readers! I hope this edition left you feeling informed, entertained, and maybe even a little bit richer (in knowledge, of course). From jailed CEOs tweeting to billion-dollar hacks being traced, the crypto world never sleeps - and neither does PoI! Remember to stay curious, stay informed, and keep spreading the love. Until next time, this is Mochi, signing off with a virtual high-five!

P.S. Don't forget to share your thoughts, questions, and favorite crypto puns with us. Every voice matters in the PoI community!

🍨📰 Catch you in the next issue! 📰🍨

Intel Drop #194

Disclaimer: The insights we share here at Proof of Intel (PoI) are all about stoking your tech curiosity, not steering your wallet. So, please don't take anything we say as financial advice. For all money matters, consult with a certified professional.