In what’s now considered the biggest crypto hack in history, North Korea’s notorious Lazarus Group has been linked to the $1.5 billion exploit on Bybit. Blockchain intelligence firm Arkham Intelligence confirmed their involvement, citing evidence uncovered by well-known on-chain investigator ZachXBT.
The attackers used a technique called “Blind Signing”, which allows transactions to be approved without full visibility into their details. This led to Bybit’s Ethereum cold wallet being compromised, allowing the hackers to move nearly $1.5 billion worth of assets into a single wallet before spreading them across multiple addresses.
Before Arkham confirmed Lazarus’ involvement, the firm offered a 50,000 ARKM bounty for anyone tracking the perpetrators. ZachXBT provided a detailed analysis, tracing the stolen funds through test transactions and forensic data. His findings left no doubt that the attack was the work of Lazarus.
According to Ido Ben Natan, CEO of security firm Blockaid, Blind Signing attacks are a favorite tactic for sophisticated hackers, including those from North Korea. This method has been used in previous attacks, such as the Radiant Capital and WazirX breaches.
Data from blockchain analytics firm Nansen shows that the stolen assets were initially stored in a primary wallet before being split into over 40 different wallets. The hackers then converted all stETH, cmETH, and mETH holdings to ETH, transferring chunks of $27 million each to more than 10 additional wallets—making it much harder to track or recover the funds.
According to 10x Research, Lazarus isn’t just stealing crypto for profit—their cyberattacks help fund North Korea’s military projects. The U.S. government estimates that as much as 30% of North Korea’s missile program funding comes from stolen cryptocurrency.
North Korea’s hacking program is highly organized—top recruits are selected from a young age, trained intensively, and sent to China for advanced cyber education before being deployed for operations.
Lazarus has been behind some of the largest crypto heists ever, including:
The group constantly adapts to new security measures, using social engineering, malware, and decentralized platforms like Uniswap to move stolen funds without KYC verification.
Shockingly, if North Korea still holds these stolen assets, they would now be the 14th largest holder of Ethereum, surpassing even Ethereum co-founder Vitalik Buterin.
Bybit CEO Ben Zhou confirmed that despite the loss, the exchange remains financially stable. He acknowledged that the hacker had managed to seize control of an ETH cold wallet but assured users that Bybit’s solvency remains intact, even if the stolen funds are not recovered.
With North Korea’s Lazarus Group repeatedly pulling off high-profile crypto heists, the industry faces increasing pressure to bolster security against such sophisticated threats.
Galaxy Digital Inc. (NASDAQ: GLXY), a financial investment firm focused on the crypto market, has…
Something big is happening at the crossroads of AI, blockchain, and public markets, and this…
Historical crypto charts indicate that small coins, costing less than a penny, often experience explosive…
The cryptocurrency world is buzzing with excitement as Ruvi AI (RUVI) gains momentum as a…
The cryptocurrency market is experiencing a pivotal moment as institutional money floods into digital assets…
Bitcoin is currently in a quiet phase. The price has been moving sideways without any…
