Crypto’s Largest Theft Ever Traced Back to North Korean Hackers

North Korean Hackers Identified as Culprits in Bybit’s $1.5B Crypto Heist, Reports Confirm

Blockchain intelligence firm Arkham Intelligence has confirmed that North Korea’s state-sponsored hacking collective, Lazarus Group, was responsible for the massive $1.5 billion exploit targeting crypto exchange Bybit. The confirmation came after on-chain investigator ZachXBT provided concrete evidence linking the attack to the notorious cybercrime syndicate.

Earlier, Arkham had offered a 50,000 ARKM token bounty to anyone who could trace the attackers. In a statement on social media platform X, Arkham disclosed that ZachXBT’s analysis included forensic transaction tracking, test transactions, and timing correlations that pointed directly to Lazarus Group.

Crypto’s Largest Heist on Record

The attack has been labeled the biggest crypto theft in history, far surpassing the $611 million stolen from Poly Network in 2021.

According to blockchain analytics provider Nansen, the hackers initially withdrew nearly $1.5 billion in assets from Bybit, consolidating the stolen funds into a single wallet before dispersing them across more than 40 addresses.

“The stolen ETH was converted from stETH, cmETH, and mETH before being systematically transferred in $27 million increments to multiple wallets,” Nansen reported.

Blind Signing Exploit at the Core of the Attack

Security experts have identified “Blind Signing” as the likely attack vector: signers approve a transaction without being able to verify what it actually does, which lets attackers execute unauthorized transactions by tricking them into approving malicious smart contract interactions.

“Blind Signing is increasingly becoming the preferred method of attack for state-sponsored hacking groups, including Lazarus,” said Ido Ben Natan, CEO of blockchain security firm Blockaid. “This same exploit was seen in the Radiant Capital and WazirX hacks.”

He emphasized that despite advanced key management systems, many crypto platforms still rely on software interfaces that can be manipulated, exposing users and exchanges to significant risk.
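As a defensive illustration of the interface risk described above (an added example, not code from Bybit, Blockaid or any firm named in this article), the sketch below decodes raw transaction calldata independently and compares it with what the signing interface displays, refusing anything it cannot decode. It assumes plain ERC-20 calls and constructed addresses; the article does not describe the actual transaction data involved in the Bybit incident.

```python
# Added example; selectors are the standard ERC-20 ones, addresses are constructed.
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}

def build_transfer(to, amount):
    """Build sample transfer(address,uint256) calldata for the demonstration."""
    return "0xa9059cbb" + to[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_calldata(data_hex):
    """Decode raw calldata into (function, args); raise if it cannot be understood."""
    raw = data_hex[2:] if data_hex.startswith("0x") else data_hex
    data = bytes.fromhex(raw)
    if len(data) < 4 or data[:4].hex() not in SELECTORS:
        raise ValueError("unknown selector: refuse to sign blind")
    name, types = SELECTORS[data[:4].hex()]
    body = data[4:]
    if len(body) != 32 * len(types):
        raise ValueError("unexpected calldata length")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i: 32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):  # the 12 padding bytes of an address word must be zero
                raise ValueError("dirty address padding")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, tuple(args)

def matches_displayed_intent(displayed, data_hex):
    """Return (ok, reason): does the calldata do what the signing UI claims?"""
    try:
        name, args = decode_calldata(data_hex)
    except ValueError as exc:
        return False, str(exc)
    if name != displayed["function"]:
        return False, f"UI shows {displayed['function']}, calldata calls {name}"
    if args[-2].lower() != displayed["to"].lower():
        return False, f"recipient mismatch: calldata pays {args[-2]}"
    if args[-1] != displayed["amount"]:
        return False, f"amount mismatch: calldata moves {args[-1]}"
    return True, "calldata matches displayed intent"

HONEST = "0x1111111111111111111111111111111111111111"    # constructed address
ATTACKER = "0x2222222222222222222222222222222222222222"  # constructed address
```

A check like this only helps if it runs somewhere the compromised interface cannot influence, such as a separate device or the hardware signer itself.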

Bybit CEO Addresses the Hack

Bybit CEO Ben Zhou acknowledged the breach in a statement on X, revealing that the attackers had gained control of a cold wallet holding Ethereum assets.

“A specific ETH cold wallet was compromised, and all funds within were transferred to an unknown address,” Zhou stated. However, he reassured users that Bybit remains solvent, even if the stolen funds are not recovered.

With North Korean hacking groups intensifying their attacks on the crypto industry, this incident highlights the ongoing need for enhanced security measures to prevent further large-scale exploits.

Copyright © 2025 CoinsNewz