North Korea Identified as Culprit Behind Biggest Crypto Hack in History

North Korea’s Lazarus Group has been identified as the mastermind behind a massive $1.4 billion Ethereum heist targeting cryptocurrency exchange Bybit, according to blockchain investigator ZachXBT.

His findings, later confirmed by Arkham Intelligence, traced the attack through a series of test transactions and wallet connections, exposing the hackers’ involvement.

The breach, which compromised Bybit’s cold wallet, resulted in the theft of 401,346 ETH. Despite cold storage being considered more secure, this incident highlights vulnerabilities in crypto security. The stolen assets were quickly dispersed, with at least $200 million in staked Ether (stETH) already offloaded on decentralized exchanges.

Bybit CEO Ben Zhou reassured users that the platform remains financially stable, with all client assets fully backed. However, the hack shook the market, causing Ethereum’s Relative Strength Index (RSI) to drop sharply and triggering a 4% decline in ETH’s price. The broader crypto market also took a hit, reflecting investor caution.

Lazarus Group has a long history of high-profile crypto thefts, allegedly operating under North Korean state sponsorship. Past exploits include the $625 million Ronin Network hack in 2022, the $100 million Horizon bridge breach, and a $300 million attack on Japan’s DMM Bitcoin in 2024. The group continues to evolve its tactics, exploiting weaknesses in digital asset infrastructure.

The Bybit hack underscores the persistent threat posed by North Korean cybercriminals, reinforcing the need for stronger security measures in the industry. In response, the U.S., Japan, and South Korea recently pledged to intensify efforts to counter these attacks and disrupt Lazarus Group’s operations.