North Korea’s Lazarus Group has been identified as the mastermind behind a massive $1.4 billion Ethereum heist targeting cryptocurrency exchange Bybit, according to blockchain investigator ZachXBT.
His findings, later confirmed by Arkham Intelligence, traced the attack through a series of test transactions and wallet connections, exposing the hackers’ involvement.
The breach, which compromised Bybit’s cold wallet, resulted in the theft of 401,346 ETH. Although cold storage is generally considered more secure, this incident highlights vulnerabilities in crypto security. The stolen assets were quickly dispersed, with at least $200 million in staked Ether (stETH) already offloaded on decentralized exchanges.
Bybit CEO Ben Zhou reassured users that the platform remains financially stable, with all client assets fully backed. However, the hack shook the market, causing Ethereum’s Relative Strength Index (RSI) to drop sharply and triggering a 4% decline in ETH’s price. The broader crypto market also took a hit, reflecting investor caution.
Lazarus Group has a long history of high-profile crypto thefts, allegedly operating under North Korean state sponsorship. Past exploits include the $625 million Ronin Network hack in 2022, the $100 million Horizon bridge breach, and a $300 million attack on Japan’s DMM Bitcoin in 2024. The group continues to evolve its tactics, exploiting weaknesses in digital asset infrastructure.
The Bybit hack underscores the persistent threat posed by North Korean cybercriminals, reinforcing the need for stronger security measures in the industry. In response, the U.S., Japan, and South Korea recently pledged to intensify efforts to counter these attacks and disrupt Lazarus Group’s operations.