North Korea’s Lazarus Group Suspected in Record-Breaking $1.46B Crypto Theft from Bybit
On February 21st, 2025, approximately $1.46 billion in cryptoassets were stolen from Bybit, a Dubai-based exchange. Initial reports suggest that malware was used to trick the platform into approving fraudulent transactions. This hack eclipses the $611 million stolen from Poly Network in 2021, making it the largest crypto heist in history. It also surpasses Saddam Hussein’s theft of $1 billion from the Iraqi Central Bank in 2003, placing it among the most significant known thefts of any kind.

Investigators have attributed the Bybit theft to North Korea’s Lazarus Group, which has reportedly stolen over $6 billion in cryptoassets since 2017. The group is known for breaching crypto platforms and laundering stolen assets through complex on-chain transactions. Within minutes of the Bybit hack, hundreds of millions in stolen tokens were exchanged for Ether via decentralized exchanges to avoid being frozen by token issuers. The thieves then began “layering” these funds by moving them through multiple wallets, bridging assets across blockchains, and using other services to obscure the transaction trail. While the transparency of blockchains allows investigators to follow the flow of funds, these layering tactics can complicate tracing and buy the launderers valuable time.

One major avenue for the laundering has been an exchange called eXch, which offers anonymous crypto swaps and has continued to process these stolen assets despite direct requests from Bybit. As of February 24, much of the stolen Ether has already been converted to bitcoin, potentially to be sent through mixing services for further obfuscation. Efforts to trace and prevent the cashing out of the stolen funds remain ongoing, with the aim of halting any financial benefit to the North Korean regime.