North Korea’s Lazarus Group has been identified as the mastermind behind a massive $1.4 billion Ethereum heist targeting cryptocurrency exchange Bybit, according to blockchain investigator ZachXBT.
His findings, later confirmed by Arkham Intelligence, traced the attack through a series of test transactions and wallet connections, exposing the hackers’ involvement.
The breach, which compromised Bybit’s cold wallet, resulted in the theft of 401,346 ETH. Despite cold storage being considered more secure, this incident highlights vulnerabilities in crypto security. The stolen assets were quickly dispersed, with at least $200 million in staked Ether (stETH) already offloaded on decentralized exchanges.
Bybit CEO Ben Zhou reassured users that the platform remains financially stable, with all client assets fully backed. However, the hack shook the market, causing Ethereum’s Relative Strength Index (RSI) to drop sharply and triggering a 4% decline in ETH’s price. The broader crypto market also took a hit, reflecting investor caution.
Lazarus Group has a long history of high-profile crypto thefts, allegedly operating under North Korean state sponsorship. Past exploits include the $625 million Ronin Network hack in 2022, the $100 million Horizon bridge breach, and a $300 million attack on Japan’s DMM Bitcoin in 2024. The group continues to evolve its tactics, exploiting weaknesses in digital asset infrastructure.
The Bybit hack underscores the persistent threat posed by North Korean cybercriminals, reinforcing the need for stronger security measures in the industry. In response, the U.S., Japan, and South Korea recently pledged to intensify efforts to counter these attacks and disrupt Lazarus Group’s operations.
Alex Mashinsky, co-founder and former CEO of the defunct crypto lending platform Celsius, is scheduled to be sentenced on May 8, 2025, following his guilty plea to two federal criminal charges late last year.
A decentralized exchange targeted in a multi-million-dollar exploit has recovered its losses just days after the incident, thanks to an unexpected twist involving the hacker themselves.
A recent cyberattack targeting a UK government official’s social media account has highlighted ongoing concerns over digital impersonation and crypto scams.
A former NFT trader is facing potential prison time after admitting to hiding millions in profits from the IRS through undeclared sales of high-value digital assets.