  • Debashree Patra
    Author

    Biggest Crypto Hack Ever: North Korea’s Lazarus Group Steals $1.5B from Bybit!

    Story Highlights
    • North Korean Lazarus Group linked to a $1.5 billion Bybit crypto hack using "Blind Signing," a method to approve transactions without full visibility.  

    • Stolen funds were meticulously moved through numerous wallets and converted to ETH, complicating recovery.

    • These state-sponsored cyberattacks, aimed at funding North Korea's military, show the need for enhanced crypto security measures.

    In what’s now considered the biggest crypto hack in history, North Korea’s notorious Lazarus Group has been linked to the $1.5 billion exploit on Bybit. Blockchain intelligence firm Arkham Intelligence confirmed their involvement, citing evidence uncovered by well-known on-chain investigator ZachXBT.

    The attackers used a technique called “Blind Signing”, which allows transactions to be approved without full visibility into their details. This led to Bybit’s Ethereum cold wallet being compromised, allowing the hackers to move nearly $1.5 billion worth of assets into a single wallet before spreading them across multiple addresses.

    The Hunt for the Hackers

    Before Arkham confirmed Lazarus’ involvement, the firm offered a 50,000 ARKM bounty for anyone tracking the perpetrators. ZachXBT provided a detailed analysis, tracing the stolen funds through test transactions and forensic data. His findings left no doubt that the attack was the work of Lazarus.

    Blind Signing: A Growing Security Risk

    According to Ido Ben Natan, CEO of security firm Blockaid, Blind Signing attacks are a favorite tactic for sophisticated hackers, including those from North Korea. This method has been used in previous attacks, such as the Radiant Capital and WazirX breaches.

    Data from blockchain analytics firm Nansen shows that the stolen assets were initially stored in a primary wallet before being split into over 40 different wallets. The hackers then converted all stETH, cmETH, and mETH holdings to ETH, transferring chunks of $27 million each to more than 10 additional wallets—making it much harder to track or recover the funds.

    North Korea’s Cyberwarfare & Financial Motivations

    According to 10x Research, Lazarus isn’t just stealing crypto for profit—their cyberattacks help fund North Korea’s military projects. The U.S. government estimates that as much as 30% of North Korea’s missile program funding comes from stolen cryptocurrency.

    https://twitter.com/10x_Research/status/1893060981775089799

    North Korea’s hacking program is highly organized—top recruits are selected from a young age, trained intensively, and sent to China for advanced cyber education before being deployed for operations.

    Lazarus has been behind some of the largest crypto heists ever, including:

    • Ronin Network ($625M)
    • KuCoin ($285M)
    • Binance Bridge ($570M)

    The group constantly adapts to new security measures, using social engineering, malware, and decentralized platforms like Uniswap to move stolen funds without KYC verification.

    Shockingly, if North Korea still holds these stolen assets, it would now be the 14th largest holder of Ethereum, surpassing even Ethereum co-founder Vitalik Buterin.

    Bybit Responds

    Bybit CEO Ben Zhou confirmed that despite the loss, the exchange remains financially stable. He acknowledged that the hacker had managed to seize control of an ETH cold wallet but assured users that Bybit’s solvency remains intact, even if the stolen funds are not recovered.

    With North Korea’s Lazarus Group repeatedly pulling off high-profile crypto heists, the industry faces increasing pressure to bolster security against such sophisticated threats.
