The cryptocurrency world has been rocked by a massive security breach at the Bybit crypto exchange, with blockchain security experts linking the North Korean Lazarus hacking group to a theft of roughly $1.5 billion. On February 21, 2025, the exchange detected unauthorized activity during a routine transfer of funds from its Ethereum cold wallet to a hot wallet. According to Bybit, the transaction was manipulated by a sophisticated attack that masked the signing interface: the signers were shown the expected destination address while the underlying smart contract logic was altered, which allowed the attackers to take control of the cold wallet and drain it.
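The core lesson of the incident described above is that a signer must not trust the transaction as rendered by the signing interface alone. The following Python script is an added illustration of that check, not code from Bybit or any wallet vendor, and it does not reproduce the specific mechanism used in this attack. It decodes the calldata of a plain ERC-20 `transfer(address,uint256)` call independently of the UI, compares the decoded recipient and amount with what the interface claims, and refuses anything it cannot decode. The function selector `a9059cbb` is the standard ERC-20 transfer selector; the addresses and amount are constructed placeholders.

```python
"""Independent calldata check before approving a wallet transfer.

Added illustration, not Bybit's or any wallet vendor's code. It decodes the
calldata of an ERC-20 transfer(address,uint256) call and compares the decoded
recipient and amount with what the signing UI displayed, so the signer does
not rely solely on the interface rendering the transaction.
"""

# keccak256("transfer(address,uint256)")[:4]: the standard ERC-20 selector.
TRANSFER_SELECTOR = "a9059cbb"
WORD = 32  # ABI arguments are encoded as 32-byte words


class CalldataError(ValueError):
    """Raised when calldata is not a well-formed ERC-20 transfer call."""


def _strip_0x(hex_str: str) -> str:
    return hex_str[2:] if hex_str.lower().startswith("0x") else hex_str


def decode_transfer(calldata: str) -> tuple[str, int]:
    """Return (recipient, amount) from transfer(address,uint256) calldata.

    Raises CalldataError if the selector is not transfer(), the argument
    block has the wrong length, or the address word carries non-zero padding
    bytes (a malformed or disguised address).
    """
    raw = bytes.fromhex(_strip_0x(calldata))
    if len(raw) < 4 or raw[:4].hex() != TRANSFER_SELECTOR:
        raise CalldataError(f"not an ERC-20 transfer call (selector {raw[:4].hex()})")
    args = raw[4:]
    if len(args) != 2 * WORD:
        raise CalldataError(f"unexpected argument length {len(args)}; expected {2 * WORD}")
    addr_word, amount_word = args[:WORD], args[WORD:]
    if any(addr_word[:12]):
        raise CalldataError("address word has non-zero high bytes")
    recipient = "0x" + addr_word[12:].hex()
    amount = int.from_bytes(amount_word, "big")
    return recipient, amount


def matches_ui(calldata: str, ui_recipient: str, ui_amount: int) -> bool:
    """True only if the decoded calldata agrees with what the UI displayed.

    Anything that fails to decode as a plain transfer is treated as a
    mismatch: an unrecognized call is a reason to stop, not to sign.
    """
    try:
        recipient, amount = decode_transfer(calldata)
    except CalldataError:
        return False
    return recipient.lower() == ui_recipient.lower() and amount == ui_amount


def encode_transfer(recipient: str, amount: int) -> str:
    """Build transfer() calldata; used here only to construct sample inputs."""
    addr = bytes.fromhex(_strip_0x(recipient)).rjust(WORD, b"\x00")
    return "0x" + TRANSFER_SELECTOR + addr.hex() + amount.to_bytes(WORD, "big").hex()


# Constructed sample: the UI claims a transfer to the exchange's own hot
# wallet, but the calldata actually names a different recipient. Both
# addresses are made-up placeholders, not real Bybit or attacker addresses.
UI_HOT_WALLET = "0x" + "11" * 20
ACTUAL_RECIPIENT = "0x" + "22" * 20
AMOUNT = 10_000 * 10**18  # 10,000 tokens with 18 decimals

HONEST_CALLDATA = encode_transfer(UI_HOT_WALLET, AMOUNT)
TAMPERED_CALLDATA = encode_transfer(ACTUAL_RECIPIENT, AMOUNT)

if __name__ == "__main__":
    print("honest calldata matches UI:  ", matches_ui(HONEST_CALLDATA, UI_HOT_WALLET, AMOUNT))
    print("tampered calldata matches UI:", matches_ui(TAMPERED_CALLDATA, UI_HOT_WALLET, AMOUNT))
```

In practice the calldata would be read from the raw transaction on a separate device rather than from the same web interface that may have been tampered with; the point of the script is that the comparison happens on data the UI did not produce.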
Blockchain investigator ZachXBT uncovered critical connections between the Bybit hackers and the notorious Lazarus threat group. The investigation revealed that the attackers used an Ethereum address previously implicated in multiple other cryptocurrency exchange hacks, including incidents at Phemex, BingX, and Poloniex. This intricate web of connections suggests a coordinated and systematic approach to cryptocurrency theft by the North Korean hacking collective.
[Figure: Phemex/Bybit address overlap, as traced by ZachXBT]
Blockchain intelligence company TRM Labs confirmed with "high confidence" that North Korean hackers were behind the Bybit hack. The attackers employed complex laundering techniques, rapidly moving the stolen funds through numerous cryptocurrency wallets to obscure their origin and complicate tracing efforts. Elliptic, another blockchain analysis firm, noted that the stolen assets were primarily being converted to Bitcoin, potentially preparing for further concealment through mixing services.
The scale of the attack is unprecedented: more than 400,000 ETH and stETH were stolen, making it the largest single crypto theft on record. Despite the breach, Bybit said its services remained largely unaffected, and the exchange restored its ETH reserves and maintained operational continuity. The company's CEO emphasized that Bybit remains solvent even if the stolen assets are never recovered.
This incident is part of a broader pattern of increasingly sophisticated cryptocurrency attacks by North Korean hacking groups. In December, Chainalysis reported that North Korean hackers had stolen $1.34 billion across 47 crypto heists in 2024, breaking their previous record and demonstrating the regime's growing reliance on cryptocurrency theft as a means of generating revenue.
The crypto community continues to grapple with the implications of this massive breach, raising serious questions about exchange security and the ongoing threat posed by state-sponsored hacking groups. While exchanges and blockchain security firms work to develop more robust protection mechanisms, the Bybit hack serves as a stark reminder of the vulnerabilities that persist in the cryptocurrency ecosystem.
Anthony Denis is a Security News Reporter with a Bachelor's in Business Computer Application. Drawing on a decade of digital media marketing experience and two years of freelance writing, he brings technical expertise to cybersecurity journalism. His background in IT, content creation, and social media management enables him to present complex security topics with clarity and insight.