The crypto industry has recently witnessed a seismic event that has shaken its very foundation. North Korean-affiliated hackers, known for their audacious cyber operations, momentarily slowed their activities in the latter half of 2024, only to gear up for what culminated in the largest crypto hack in history on February 21, 2025. Bybit, a major cryptocurrency exchange, lost over $1.4 billion in this sophisticated cyberattack perpetrated by the infamous Lazarus Group.
This unprecedented breach came amid a notable decline in illicit activities linked to North Korean cyber actors, particularly after July 1, 2024. According to blockchain analytics firm Chainalysis, there was a marked dip in cyber operations, despite a surge earlier in the year. Eric Jardine, Cybercrimes Research Lead at Chainalysis, flagged this slowdown as a potential precursor to the Bybit incident, raising questions about the reasons behind the apparent regrouping of cybercriminal resources.
Insights from Jardine reveal that the decline in hacking activities coincided with significant geopolitical developments, including a summit between Russia and North Korea. This meeting potentially led to a reallocation of North Korean resources—military personnel, for example—towards events such as the ongoing conflict in Ukraine. Such shifts could have influenced the Lazarus Group’s strategy, culminating in meticulously planned operations aimed at high-impact targets like Bybit.
Understanding the Bybit Hack
The attack on Bybit is not just a statistic; it underscores the vulnerabilities inherent in centralized exchanges even when fortified with robust security measures. Analysts indicate that the methodology resembles previous high-profile breaches, including the WazirX hack, which resulted in a loss of $230 million, and the $58 million breach at Radiant Capital.
Meir Dolev, CTO at Cyvers, emphasized that the compromise of Bybit’s Ethereum multisig cold wallet was achieved through deceptive tactics that manipulated the signers into unknowingly approving a malicious transaction. This critical flaw allowed the hackers to gain control of the wallet, leading to the transfer of all assets to an untraceable address.
Throughout 2024, North Korean hackers were responsible for stealing an estimated $1.34 billion across 47 incidents, a staggering 102% increase from the previous year. This amount constituted 61% of all crypto thefts recorded in that year.
In the aftermath of the Bybit breach, experts remain cautiously optimistic about the potential for recovery. Fortunately, over 80% of the stolen funds were deemed traceable, with ongoing investigations aiming to freeze and retrieve the assets.
As the cryptocurrency sector grapples with the ramifications of these events, it becomes increasingly evident that vigilance and strategic foresight are paramount in defending against the sophisticated tactics employed by orchestrators of such cybercrime.
For those interested in the evolving landscape of cybersecurity in the cryptocurrency space, staying informed and advocating for robust measures is more crucial than ever.