North Korea’s Lazarus Group has been identified as the mastermind behind a massive $1.4 billion Ethereum heist targeting cryptocurrency exchange Bybit, according to blockchain investigator ZachXBT.
His findings, later confirmed by Arkham Intelligence, traced the attack through a series of test transactions and wallet connections, exposing the hackers’ involvement.
The breach, which compromised Bybit’s cold wallet, resulted in the theft of 401,346 ETH. Despite cold storage being considered more secure, this incident highlights vulnerabilities in crypto security. The stolen assets were quickly dispersed, with at least $200 million in staked Ether (stETH) already offloaded on decentralized exchanges.
Bybit CEO Ben Zhou reassured users that the platform remains financially stable, with all client assets fully backed. However, the hack shook the market, causing Ethereum’s Relative Strength Index (RSI) to drop sharply and triggering a 4% decline in ETH’s price. The broader crypto market also took a hit, reflecting investor caution.
Lazarus Group has a long history of high-profile crypto thefts, allegedly operating under North Korean state sponsorship. Past exploits include the $625 million Ronin Network hack in 2022, the $100 million Horizon bridge breach, and a $300 million attack on Japan’s DMM Bitcoin in 2024. The group continues to evolve its tactics, exploiting weaknesses in digital asset infrastructure.
The Bybit hack underscores the persistent threat posed by North Korean cybercriminals, reinforcing the need for stronger security measures in the industry. In response, the U.S., Japan, and South Korea recently pledged to intensify efforts to counter these attacks and disrupt Lazarus Group’s operations.