N Korea Hackers Steal +$1.4B From Crypto & NFT Market Bybit

Lazarus Group, a notorious hacker group associated with the Northern Korean government, are back in action after stealing more than $1.4 million last year. In yet another unfortunate incident, the notorious hacker group has stolen over $1.4 billion worth of Ethereum from Bybit, one of the leading crypto and non-fungible token market platforms. This is now the biggest theft in NFT and crypto history after stealing over $600 million from Axie Infinity in 2021.

Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain commingling funds from the intial theft address for both incidents.

Overlap address:
0x33d057af74779925c4b2e720a820387cb89f8f65

Bybit hack txns on Feb 22, 2025:… pic.twitter.com/dh2oHUBCvW

— ZachXBT (@zachxbt) February 22, 2025

N Korea Hackers Steal $1.5B From Bybit

In a February 21 blog post, Bybit Web3, one the world’s most visited cryptocurrency exchanges and non-fungible token market platform, confirmed that its market platform got compromised, and perpetrators walked away with more than $1.4 billion worth of |Ethereum. While commenting about the unfortunate incident, Ben Zhou, the chief executive officer, noted that a hacker “took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.

Bybit detected unauthorized activity involving one of our ETH cold wallets. The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing…

— Bybit (@Bybit_Official) February 21, 2025

Founded in March 2018, Bybit is one of the prominent digital currency exchanges that allows users to buy, sell, and trade various cryptocurrencies, including Bitcoin, Ethereum, and other digital assets. Bybit crypto exchange has quickly gained popularity for its focus on derivatives trading, particularly perpetual and futures contracts. The platform allows users to trade over 650 cryptocurrencies across spot, margin, and futures.

HACKED pic.twitter.com/fxx3tkzgEQ

— beeple (@beeple) February 21, 2025

Moreover, Bybit has a non-fungible token marketplace that lets users buy, sell, and trade non-fungible tokens. Bybit’s NFT marketplace is designed to be user-friendly, especially for new crypto users. It allows anyone who wants to participate in its NFT marketplace to create an account and get started in a matter of minutes. Bybit NFT Marketplace is a one-stop destination for listing and trading NFTs.

How Did The Hack Happened?

Based on industry crypto scam security experts, the attack appeared to have been caused by something called “Blind Signing,” where a smart contract transaction is approved without comprehensive knowledge of its contents. This attack vector is quickly becoming the favorite form of cyber-attack used by advanced threat actors, including North Korea. While commenting about this form of attack, Ido Ben, the CEO of blockchain security firm Blockaid, remarked:

“The problem is that even with the best key management solutions, today most of the signing process is delegated to software interfaces that interact with dApps. This creates a critical vulnerability — it opens the door for malicious manipulation of the signing process, which is exactly what happened in this attack.”

The notorious hackers have been a significant threat to the crypto and non-fungible token market since early 2021. Some of the most significant scam incidents last year included the theft of the equivalent of $300m in bitcoin from the Japanese cryptocurrency exchange DMM Bitcoin and the loss of nearly $235m from WazirX, an India-based crypto exchange. In 2021, the North Korean hackers were also linked to the P2E NFT game Axie Infinity hack, stealing over $600 million.

During the Axie Infinity Heist, the North Korean hackers transferred $540 million worth of cryptocurrency to themselves for six days, but the company only noticed when a customer could not withdraw their funds. Hackers breached the Ronin Bridge to steal funds. Ronin Network, which is owned by Vietnamese parent company Sky Mavis, allows players to exchange the digital coins they earn in Axie Infinity with other cryptocurrencies like Ethereum.