North Korean crypto heist

While crypto exchanges around the world tightened their security measures in early 2025, North Korea’s elite Lazarus Group pulled off their most audacious heist yet. On February 22, they managed to swipe a staggering $1.46 billion in Ethereum from Bybit’s cold storage – making it the largest crypto theft in history. Talk about going big or going home.

The hack was a masterclass in digital deception. Using a “blind signing” vulnerability, in which signers approve a transaction whose real contents the signing screen does not show them, these cyber wizards manipulated the signing interface and tricked Bybit’s security team into approving what looked like a legitimate transaction. Spoiler alert: it wasn’t. The funds were quickly scattered across more than 40 wallets, then methodically transferred in $27 million chunks. Pretty smooth for a country that can barely keep its lights on. TRM Labs immediately created a tracking entity to monitor the stolen assets.
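A defensive counterpart to the blind-signing problem described above, as an added example that is not from the original article or from Bybit: decode the raw bytes independently of the signing interface and refuse to sign when they disagree with what the interface displays. It assumes, for illustration only, that the payload is an ERC-20 `transfer` call; the helper names and sample values are constructed, and the article does not describe the actual transaction format.

```python
# Added example: independent pre-signing check. Helper names are hypothetical.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

def decode_transfer(calldata: bytes) -> dict:
    """Decode ERC-20 transfer calldata; raise ValueError on anything else."""
    if len(calldata) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length %d" % len(calldata))
    if calldata[:4] != TRANSFER_SELECTOR:
        raise ValueError("unexpected function selector 0x" + calldata[:4].hex())
    addr_word, amount_word = calldata[4:36], calldata[36:68]
    if any(addr_word[:12]):  # a 20-byte address is left-padded with zeros
        raise ValueError("address word has non-zero padding")
    return {"to": "0x" + addr_word[12:].hex(),
            "amount": int.from_bytes(amount_word, "big")}

def check_before_signing(displayed: dict, calldata: bytes) -> list:
    """Return the mismatches between the UI summary and the raw payload."""
    try:
        actual = decode_transfer(calldata)
    except ValueError as exc:
        # Anything the checker cannot fully decode is treated as unsafe to sign.
        return ["payload is not a plain transfer: %s" % exc]
    problems = []
    if actual["to"] != displayed["to"].lower():
        problems.append("recipient mismatch: UI shows %s, payload pays %s"
                        % (displayed["to"], actual["to"]))
    if actual["amount"] != displayed["amount"]:
        problems.append("amount mismatch: UI shows %d, payload moves %d"
                        % (displayed["amount"], actual["amount"]))
    return problems

def build_transfer(to: str, amount: int) -> bytes:
    """Build sample calldata (used only to construct the inputs below)."""
    return (TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(to[2:])
            + amount.to_bytes(32, "big"))

# Constructed sample data: what the interface claims versus three payloads.
DISPLAYED = {"to": "0x" + "11" * 20, "amount": 1000}
HONEST = build_transfer(DISPLAYED["to"], 1000)
TAMPERED = build_transfer("0x" + "22" * 20, 1000)  # different recipient
OPAQUE = bytes.fromhex("deadbeef") + bytes(64)     # unknown function call

if __name__ == "__main__":
    for name, payload in [("honest", HONEST), ("tampered", TAMPERED),
                          ("opaque", OPAQUE)]:
        issues = check_before_signing(DISPLAYED, payload)
        print(name, "-> OK to sign" if not issues else "-> REFUSE: %s" % issues)
```

The check is only useful when it runs on a device or code path separate from the interface that renders the summary, since a compromised interface can misreport both.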

North Korea’s hackers proved surprisingly sophisticated, scattering billions across dozens of wallets while their own citizens sit in darkness.

Researchers, including the crypto detective ZachXBT, linked the attack to North Korea’s infamous Lazarus Group. The method matched their previous attacks on WazirX and Radiant Capital. It’s part of their ongoing campaign to fund their nuclear weapons program – because apparently, traditional fundraising methods just aren’t cutting it anymore. Like many centralized exchanges, Bybit’s custody of user private keys made it an attractive target for hackers.

The impact on Bybit was severe but not fatal. The exchange lost 70% of its Ethereum holdings but managed to secure 80% of the stolen funds through bridge loans. CEO Ben Zhou confirmed the incident through social media. They’re still operating, though their “unhackable” cold wallet marketing might need a slight revision.

The crypto market reacted predictably – with panic. Ethereum dropped 4% as traders processed the news. When Bybit announced they wouldn’t immediately buy back the stolen ETH, the bears came out to play.

This heist dwarfs the previous record holder – the $611 million Poly Network hack. It’s also part of North Korea’s impressive crypto-stealing spree, adding to their $800 million haul in 2024 alone. Who needs legitimate international trade when you can just hack your way to billions?

The attack proves one thing: in the wild west of crypto, even cold wallets aren’t safe from determined state-sponsored hackers with a flair for the dramatic.