Several blockchain monitoring firms, including cryptocurrency investigator ZachXBT, have pointed at the North Korean government hacking group Lazarus Group as the principal culprit in a USD$1.4 billion cryptocurrency heist over the weekend.
On Friday, hackers stole USD$1.4 billion in Ethereum cryptocurrency from cryptocurrency exchange Bybit, in what is now largely considered to be the biggest crypto theft of all time.
Just hours after noticing the first signs of the hack, ZachXBT was the first to assign blame. He traced the stolen cryptocurrency from Bybit to wallets that hackers had previously used in attacks on Phemex, BingX, and Poloniex, all linked to North Korea.
Elliptic, the blockchain monitoring firm, concurs.
Elliptic believes North Korean hackers carried out the attack, citing its analysis of how the stolen cryptoassets were laundered. The company added that Lazarus Group follows a distinct pattern when laundering stolen cryptocurrency.
North Korea remains a prolific crypto thief. A United Nations panel has linked the regime’s hackers to at least 58 crypto heists. According to the governments of the United States, Japan, and South Korea, Kim Jong-Un’s regime stole more than USD$650 million through multiple crypto hacks and heists in 2024.
Bybit immediately reassured its customers that their cryptocurrency holdings were safe. Furthermore, Bybit said on social media that it would refund all affected users.
News of the hack causes run on the exchange
Bybit is the world’s second-largest cryptocurrency exchange by trading volume with over 60 million users. It reported that news of the hack triggered a surge in withdrawal requests.
Zhou said that customers submitted more than 350,000 withdrawal requests, which could cause processing delays.
The hack occurred during a routine Ethereum transfer from an offline “cold” wallet to a “warm” wallet used for daily trading. An attacker exploited security controls and managed to transfer the assets. Zhou confirmed that the hack did not affect any other wallets on the exchange.
Ethereum’s price dropped nearly 4 per cent following news of the hack but has since nearly recovered to previous levels.
Bybit has also called on “the brightest minds in cybersecurity and crypto analytics” to help recover the stolen funds.
The Lazarus Group has carried out several major cyberattacks.
In 2014, they orchestrated the Sony Pictures hack, leaking internal documents and emails in retaliation for the film The Interview.
In 2016, they attempted to steal nearly USD$1 billion from Bangladesh Bank. They successfully transferred USD$81 million before authorities intervened. More recently, in 2022, investigators linked the Lazarus Group to the USD$620 million Ronin Network hack, which targeted the blockchain behind the Axie Infinity metaverse. These attacks highlight North Korea’s reliance on cybercrime to fund its regime.
