
North Korean Hackers Steal $1.5 Billion in Possibly the Largest Crypto Heist

The Bybit crypto exchange logo is displayed on a computer screen in an office in Rottweil, Baden-Wuerttemberg, on July 11, 2022. (Source: Getty Images)

Bybit, one of the largest cryptocurrency exchanges based in Singapore, reported on X a hack involving one of its Ethereum wallets on February 21. Cryptocurrency investigator ZachXBT linked the attack to North Korea’s Lazarus Group, a hacking organization with a history of high-profile breaches.

The attackers successfully transferred around 401,000 ETH, valued at approximately $1.4 billion at the time, to an unknown address. Experts have described the breach as potentially the largest cryptocurrency theft in history.

The hack occurred during the transfer of funds from a cold wallet, which was protected by multi-signature security. The attackers managed to alter the signing interface, which allowed them to display the correct address during the transfer but ultimately violated the smart contract’s logic. This enabled them to access the cold wallet and withdraw the cryptocurrency, which was then distributed to multiple addresses.

Ben Zhou, the founder of Bybit, confirmed that only one wallet was affected, and assured users that the exchange’s operations continued without disruption. However, the hack led to a surge in withdrawal requests, with the exchange processing over 350,000 of them in the first ten hours following the breach.

Using blockchain data, ZachXBT traced the stolen funds to wallets associated with previous Lazarus Group attacks. The group’s involvement was later corroborated by analysts from Elliptic.

The Lazarus Group, which has been active since at least 2009, is widely believed to operate under the direction of the North Korean government. Since being sanctioned by the U.S. in 2019, the group has carried out numerous attacks, including some in Russia. Experts believe that these operations are part of a broader strategy to fund North Korea’s nuclear and missile programs.

Since 2017, Lazarus Group has stolen over $6 billion in cryptocurrency, with funds often funneled into North Korea’s weapons programs. Following the Bybit attack, funds were moved quickly through multiple wallets, with a significant portion of the stolen cryptocurrency converted through anonymous exchanges like eXch.

TRM Labs analyst Nick Carlsen, a former FBI expert on North Korean cyber operations, expressed concern over the scale of the theft, noting the ability of illicit financial networks to move such large sums of money rapidly.

Bybit has offered a 10% reward for information leading to the recovery of the stolen assets. As of now, the exchange has frozen approximately $42 million in stolen funds, with additional assets being traced with the help of the crypto community.

Earlier, Kyrylo Budanov, head of Ukraine’s Defense Intelligence, stated that North Korea is supplying about 50% of the ammunition used by Russian forces in the war against Ukraine.


A cold wallet is a type of cryptocurrency wallet that is not connected to the internet, making it more secure from hacking attempts. It stores private keys offline, typically on a hardware device or paper, to protect digital assets.

eXch is an anonymous cryptocurrency exchange that allows users to trade digital assets without requiring personal identification, often used for laundering or moving illicitly obtained funds.