North Korea’s infamous Lazarus hacking group has been linked to a massive $1.5 billion cryptocurrency theft from the exchange Bybit. Experts say this is now the biggest crypto heist in history.

The attack happened on February 21, 2025, when hackers intercepted a routine transfer from one of Bybit’s cold wallets to a hot wallet. According to Bybit, the attackers manipulated the smart contract logic, altered the signing process, and took control of the Ethereum cold wallet. As a result, over 400,000 ETH and stETH—worth more than $1.5 billion—were sent to an unknown address.

Bybit quickly responded, assuring users that its platform remained stable despite the breach and a flood of 580,000 withdrawal requests. The company has since restored its Ethereum reserves, and its CEO confirmed that Bybit is financially secure, even if the stolen assets are not recovered.

Blockchain investigator ZachXBT uncovered connections between the Bybit hackers and Lazarus after finding that stolen funds were sent to an Ethereum address previously linked to other exchange hacks, including Poloniex, Phemex, and BingX. Further research revealed that the attackers used meme coins to launder the funds, moving them across more than 920 blockchain addresses. They also used the crypto mixing service eXch and converted some funds to Bitcoin via Chainflip.

TRM Labs, a blockchain intelligence firm, confirmed with “high confidence” that North Korean hackers were behind the attack, citing strong overlaps between the addresses used in the Bybit hack and those involved in past North Korean cyber thefts. Another analysis firm, Elliptic, reported that Lazarus hackers have already started moving the stolen assets across multiple wallets to cover their tracks.

Tom Robinson, co-founder of Elliptic, said that one exchange, eXch, appears to have knowingly laundered tens of millions of dollars in stolen crypto, despite Bybit’s efforts to block the transactions. However, eXch denied the accusation, claiming any funds from the Bybit hack that ended up on its platform were an isolated case.