The Infamous Hacker Behind the $1.5 Billion Theft from Bybit
In a stunning digital heist that sent shockwaves through the cryptocurrency world, North Korea’s notorious Lazarus Group pulled off their biggest crypto theft yet, stealing $1.5 billion worth of Ethereum from the Bybit exchange. The attack, which occurred just days ago on February 21st, 2025, has become the latest chapter in North Korea’s ongoing cyber warfare campaign.
Meet the Mastermind
At the heart of this tale is Park Jin Hyok, a brilliant but notorious cybercriminal mastermind. A graduate of Kim Chaek University, Park is already infamous for orchestrating the 2017 WannaCry ransomware attack that affected 150 countries. Now, he and his team have executed what might be their most sophisticated operation yet.
Digital Sleight of Hand
The heist itself was like something out of a high-tech thriller. The Lazarus Group began by creating a perfect clone of Bybit’s multisignature approval system; imagine a counterfeit key so precise that even the lock’s owner couldn’t tell the difference. Security teams at Bybit unknowingly approved what looked like routine transfers, not realising they were actually handing over the keys to the kingdom.
Once they had access, the hackers worked with surgical precision. They altered the smart contracts controlling Bybit’s cold wallet, traditionally considered the Fort Knox of crypto storage, and then methodically drained 400,000 Ethereum tokens. To cover their tracks, they split the stolen funds across 53 different wallets, like a thief breaking up stolen jewellery to make it harder to trace.
Following the Digital Breadcrumbs
Blockchain detective ZachXBT was the first to spot something amiss, flagging suspicious transfers and eventually linking them to two critical wallets. The investigation revealed connections to previous attacks on other exchanges, confirming the Lazarus Group’s signature style.
Bybit’s Response
Bybit has responded to the crisis by freezing $42.89 million of the stolen assets and promising to make their users whole, though they’ll need to borrow funds to do it. The incident has sparked intense debate about the security of centralised exchanges and highlighted the ongoing challenge of protecting digital assets from state-sponsored hackers.
State-Sponsored Crime
For North Korea, this heist represents more than just stolen cryptocurrency – it’s part of a larger strategy to fund their military operations through cybercrime. Since 2017, the Lazarus Group has stolen over $3 billion in crypto assets, targeting everything from major exchanges to individual wallets.
Global Manhunt
As the dust settles, the international community is ramping up efforts to combat these state-sponsored attacks. The U.S. and South Korea are leading the charge, though Pyongyang’s denials and the group’s sophisticated encryption methods make prosecution challenging.
Lessons for the Future
The message for crypto investors is clear: in this digital age, even the most secure vaults can be breached. The best defence combines vigilance with spreading assets across multiple wallets and exchanges, enabling every available security feature, and staying alert to unusual activity.
This may be the Lazarus Group’s biggest heist yet, but as long as cryptocurrencies hold value, it’s unlikely to be their last.