North Korea-Backed Lazarus Group Executes $1.46 Billion Crypto Heist in Unprecedented Operation

In what is being called the biggest heist in digital currency history, North Korea’s state-sponsored Lazarus Group has stolen approximately $1.46 billion in cryptocurrency from Bybit, one of the world’s leading crypto exchanges. The massive breach, which took place just after 2 p.m. last Friday, has set off alarm bells across the cybersecurity and financial sectors, while investigators track the stolen funds in real time via blockchain technology.

A Record-Breaking Cyber Heist

Within mere minutes, the attackers exploited a vulnerability during a routine transfer from Bybit’s Ethereum cold wallet to its online hot wallet. By leveraging a sophisticated social engineering attack, the hackers manipulated security personnel through personalized phishing schemes, tricking them into authorizing transactions to wallets controlled by Lazarus. For context, the amount stolen dwarfs previous heists, being nearly 30 times the £53 million taken during the 2006 Securitas depot robbery and exceeding the infamous Iraqi Central Bank theft by hundreds of millions of dollars.

The Tactics Behind the Theft

The Lazarus Group, allegedly backed by North Korea since its inception in 2009, has a notorious history of cyber attacks, including the devastating WannaCry ransomware incident in 2017. According to blockchain security experts, the heist was executed using a common playbook adopted by the group: the attackers employed malware to modify user interfaces on digital wallet applications, such as Safe{Wallet}, while exploiting “blind signing” vulnerabilities in hardware wallets like Ledger. This method allowed the hackers to mask the true nature of the transactions, making it appear as though they were routine transfers.

Within two hours, blockchain analytics firm Elliptic observed the stolen funds dispersing across 50 different wallets, each holding roughly 10,000 ETH. The funds were then systematically laundered through decentralized exchanges via a process known as “layering”—a tactic designed to obfuscate the digital trail and delay detection.
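The dispersal pattern described above (one source, about 50 recipient wallets, near-equal amounts, inside two hours) is the kind of shape a monitoring team can flag in transfer records. The sketch below is an added example, not code from the article, Elliptic or Bybit; the record layout, wallet names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

def find_fanouts(transfers, window_s=7200, min_recipients=50, tolerance=0.10):
    """Return {source: [recipients]} for sources that, inside any sliding
    window of window_s seconds, paid at least min_recipients distinct
    wallets amounts within `tolerance` of the window's median amount."""
    by_src = defaultdict(list)
    for ts, src, dst, eth in transfers:
        by_src[src].append((ts, dst, eth))
    flagged = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= window_s.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            mid = median(eth for _, _, eth in window)
            near = {dst for _, dst, eth in window
                    if abs(eth - mid) <= tolerance * mid}
            if len(near) >= min_recipients:
                flagged[src] = sorted(near)
                break
    return flagged

def build_sample():
    """Constructed records: (unix_ts, source, destination, amount_eth)."""
    t0 = 1_700_000_000
    rows = []
    # Constructed: one wallet splits funds into 50 wallets of ~10,000 ETH in ~100 min.
    for i in range(50):
        rows.append((t0 + i * 120, "wallet_A", f"split_{i:02d}", 10_000 + (i % 5) * 20))
    # Constructed: a busy payout wallet sending many recipients varied amounts.
    for i in range(60):
        rows.append((t0 + i * 90, "hot_wallet", f"cust_{i:02d}", 0.5 + i * 3.7))
    # Constructed: large equal transfers, but far too few recipients.
    for i in range(5):
        rows.append((t0 + i * 600, "wallet_B", f"otc_{i}", 10_000))
    return rows

if __name__ == "__main__":
    for src, dsts in find_fanouts(build_sample()).items():
        print(src, "->", len(dsts), "near-equal recipients")
```

The equal-amount test is what separates this pattern from ordinary high-volume payouts, which reach many recipients but with widely varying values.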

Investigators and Market Response

Blockchain tracking has enabled researchers to follow the funds’ movement in near real time, yet the sheer volume of assets and the sophisticated laundering techniques employed pose significant challenges. Crypto intelligence platform Arkham noted that the hackers executed multiple transactions every minute for 45 minutes before pausing for 15 minutes, suggesting that the process was not fully automated.

Despite the monumental scale of the theft, Bybit managed to restore its reserve to a 1:1 ratio within 72 hours, ensuring that customer funds were not compromised. In a statement released by the exchange, Bybit expressed gratitude for the support from the crypto community and vowed to leverage the incident as a catalyst for strengthening industry defenses.

A Call to Action Against Cyber Terrorism

The fallout from the heist has spurred an unprecedented response from the crypto industry. Bybit CEO Ben Zhou, whose platform ranks as the second largest crypto exchange by trading volume, has launched a bold initiative—a $140 million bounty aimed at recovering the stolen assets and gathering actionable intelligence on the Lazarus Group. “We have shared in a dark moment of crypto history, and we’ve proven we are better than the malicious actors,” Zhou declared. “We will not stop until Lazarus or bad actors in the industry are eliminated.”

This landmark move could signal the beginning of coordinated global efforts to neutralize one of the world’s most formidable cyber threat actors. As authorities and industry experts intensify their investigations, the international community watches closely, aware that this incident could mark a turning point in the ongoing battle against cyber terrorism and state-backed digital crime.

Photo Credit: DepositPhotos.com
