Record-Breaking $1.5 Billion Cryptocurrency Heist Attributed to North Korean Hackers

Mar 1, 2025 Caden Fitzroy

The Largest Cryptocurrency Theft in History

In an audacious move, the cryptocurrency exchange Bybit suffered an unprecedented blow on February 21, 2025, when hackers made off with $1.5 billion worth of Ethereum (ETH) and stETH. This heist marks the largest cryptocurrency theft on record, dwarfing previous incidents in both scale and complexity.

This breach occurred during what should have been a routine transfer of digital assets from a cold wallet to a hot wallet. However, the assailants, later revealed to be the notoriously competent North Korean Lazarus Group, utilized sophisticated techniques to exploit vulnerabilities in the smart contract’s logic. By subverting and manipulating the smart contract, they were able to mask their actions and effectively siphon off over 400,000 ETH and stETH into an address under their control.

Unmasking the Culprits

The FBI, working alongside blockchain analysts, quickly attributed this theft to the Lazarus Group, a hacking faction with known ties to North Korean state intelligence. This group has a storied history of engaging in cyber warfare to financially benefit the nation, often targeting financial institutions to bypass global sanctions and sustain other covert activities.

This isn't the first time the Lazarus Group made headlines. They were previously linked to the infamous 2022 Axie Infinity Ronin bridge hack and several other significant cyber heists. Across 47 attacks in 2024 alone, North Korean hackers reportedly amassed $1.34 billion. Such operations highlight a concerning pattern of using cryptocurrency theft as a means to evade international constraints and gain financial leverage on a global stage.

In the aftermath of the incident, Bybit took rapid action to ensure liquidity and restore its reserves. Despite an avalanche of withdrawal requests amounting to about 580,000 from anxious clients, the exchange declared client assets secure and emphasized its capacity to handle these unforeseen events without collapsing.

Not stopping at the initial theft, the hackers laundered the stolen funds meticulously. Reports indicate they employed mixing services, like eXch, and bridged Ethereum into Bitcoin. This laundering stretched across more than 920 different crypto addresses, complicating efforts by tracing agencies to fully track down the assets.

Bybit's CEO has reassured customers and stakeholders of the firm's resilience, insisting that, thanks to comprehensive security protocols and financial reserves, they remain solvent. However, the ramifications of this breach are a stark reminder of the persistent and evolving threat that state-sponsored cybercriminals pose to financial ecosystems worldwide.