North Korean hackers have struck again—this time making off with a staggering $1.5 billion in Ethereum from Bybit exchange. The February 21, 2025 attack marks the largest cryptocurrency heist in history. Because apparently breaking previous records wasn’t enough for them.
North Korea’s hackers just set a new high score in crypto theft—$1.5 billion from Bybit. Achievement unlocked.
The FBI officially pinned the blame on North Korea’s notorious Lazarus Group on February 26. These guys have many aliases—TraderTraitor, APT38, BlueNoroff, Stardust Chollima—like a digital criminal with multiple passports. Blockchain analysis firms Elliptic and TRM Labs backed up the FBI’s claims, while researcher ZachXBT linked the stolen funds to Ethereum addresses used in previous Lazarus hacks.
The attack was sophisticated. Hackers targeted Bybit during a routine transfer between cold and hot wallets, exploiting a vulnerability by masking the signing interface. They gained access through spear-phishing and compromised a Safe{Wallet} developer machine. Classic move.
The thieves made off with approximately 401,000 Ethereum coins worth $1.46 billion. But holding Ethereum wasn’t the endgame. They quickly laundered the funds through various wallets and converted significant portions to Bitcoin and other cryptocurrencies using decentralized exchanges. The final tally? A whopping 6,706 Bitcoin.
Their laundering techniques were textbook North Korean crypto-crime: multiple wallets, the Sinbad mixer, structured payments of similar sizes, then off to OTC brokers. The attack follows Lazarus Group’s evolution from traditional hacking to crypto-focused activities that exploit the relatively unregulated digital currency space. Efficient. Methodical. Frustrating for investigators. Converting the stolen assets requires 24/7 cryptomining operations that validate these illicit blockchain transactions. The attackers deliberately retained substantial amounts of cryptocurrency for future laundering opportunities.
Bybit hasn’t taken this lying down. They’ve recovered over $40 million, secured additional funds to restore assets to 100%, and offered a 10% reward for recovery. The FBI has urged the crypto community to block transactions from identified addresses.
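For teams acting on that kind of address list, here is a screening sketch added for illustration (it is not code from Bybit, the FBI, or any analytics firm): it follows funds forward from flagged addresses through intermediate wallets and flags the fan-out of similar-sized payments described above. All addresses, amounts, and thresholds are constructed placeholders, and the taint rule (any transfer from a tainted sender taints the recipient) is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample data: placeholder addresses, not real indicators.
BLOCKLIST = {"0xFLAGGED01"}
TRANSFERS = [  # (tx_id, timestamp_s, sender, recipient, amount_eth)
    ("t1", 0,    "0xFLAGGED01", "0xHOP_A", 400.0),
    ("t2", 600,  "0xHOP_A", "0xHOP_B", 100.0),
    ("t3", 660,  "0xHOP_A", "0xHOP_C", 100.5),
    ("t4", 720,  "0xHOP_A", "0xHOP_D", 99.8),
    ("t5", 780,  "0xHOP_A", "0xHOP_E", 99.7),
    ("t6", 900,  "0xCLEAN_1", "0xCLEAN_2", 100.0),
    ("t7", 5000, "0xCLEAN_1", "0xCLEAN_3", 3.2),
]

def trace_taint(transfers, blocklist):
    """Walk transfers in time order; a recipient of a tainted sender becomes tainted."""
    tainted, hits = set(blocklist), []
    for tx_id, _, sender, recipient, _ in sorted(transfers, key=lambda t: t[1]):
        if sender in tainted:
            tainted.add(recipient)
            hits.append(tx_id)  # transaction to hold or report
    return tainted, hits

def find_structuring(transfers, min_count=3, tolerance=0.02, window_s=3600):
    """Flag senders paying >= min_count distinct recipients similar amounts within window_s."""
    by_sender = defaultdict(list)
    for _, ts, sender, recipient, amount in transfers:
        by_sender[sender].append((ts, recipient, amount))
    flagged = {}
    for sender, rows in by_sender.items():
        rows.sort()  # order by timestamp
        for i, (ts0, _, amt0) in enumerate(rows):
            # Payments after the anchor, inside the window, within tolerance of its size.
            group = [(r, a) for ts, r, a in rows[i:]
                     if ts - ts0 <= window_s and abs(a - amt0) <= tolerance * amt0]
            if len({r for r, _ in group}) >= min_count:
                flagged[sender] = [a for _, a in group]
                break
    return flagged

if __name__ == "__main__":
    print(trace_taint(TRANSFERS, BLOCKLIST)[1])
    print(find_structuring(TRANSFERS))
```

Exact-match blocklists miss the intermediate wallets, which is why the forward trace matters; the similar-size heuristic needs tuning against legitimate batch payouts before it drives any automatic block.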
This isn’t Lazarus Group’s first rodeo. They’ve stolen over $6 billion in crypto since 2017, with $1.34 billion taken in 2024 alone. The proceeds reportedly fund North Korea’s ballistic missile program—because nuclear ambitions don’t pay for themselves.
The incident highlights the persistent vulnerabilities in cryptocurrency transfer processes. No matter how secure you think your system is, there’s always someone working harder to break it.