Record $1.5 Billion Bybit Crypto Heist Linked to North Korean Hackers

In a record-setting cyber heist, North Korean hacking group Lazarus has been linked to the theft of approximately $1.5 billion in Ethereum from Dubai-based cryptocurrency exchange Bybit. The breach, which occurred on February 21, 2025, is now considered the largest cryptocurrency theft to date.

Bybit CEO Ben Zhou disclosed that the attackers manipulated a routine transfer from an offline “cold” wallet to a “warm” wallet, altering the underlying smart contract logic to gain control of the funds. Despite the significant loss, Zhou assured customers that Bybit remains solvent, with all client assets fully backed, and that withdrawals are proceeding normally.

Read Next: How Cybercriminals Are Weaponizing Human Emotions

Blockchain analytics firms Arkham Intelligence and Elliptic have attributed the attack to Lazarus Group, citing patterns consistent with previous North Korean cyber operations. Elliptic noted that the stolen Ether was rapidly distributed across multiple wallets and laundered through various exchanges and cross-chain bridges.

In response to the breach, Bybit has launched a recovery bounty program, offering up to 10% of the recovered amount to cybersecurity experts who assist in retrieving the stolen assets. The company is collaborating with blockchain forensic specialists to trace the funds and prevent the North Korean regime from benefiting from them.

This incident underscores the persistent threat posed by state-sponsored hacking groups to the cryptocurrency industry, highlighting the need for enhanced security measures and international cooperation to combat such cybercrimes.