
The crypto market is currently being shaken by news of the hacking of one of the world’s largest crypto exchanges, Bybit. The hack occurred on Friday night, February 21, 2025, United States time. Allegations have circulated that the attacker is the Lazarus Group, a hacker group from North Korea.

Lazarus Hacker Group Successfully Hacks Bybit Cold Wallet

Through the hack, the perpetrators managed to take control of Bybit’s Ethereum cold wallet. They did so by manipulating smart contracts, stealing funds worth more than USD 1.46 billion (around IDR 23.8 trillion).

This incident not only triggered panic among investors but also ended up causing the price of Bitcoin (BTC) to plummet significantly in a very short time.

According to Bybit CEO Ben Zhou, the attack was carried out by deceiving the wallet’s signers. The fraud used a fake user interface designed to trick the security system.

This technique is known as “Blind Signing”, where smart contract transactions are approved without a full understanding of the contents of the transaction.
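The defensive counterpart to blind signing is to decode the raw payload independently and compare it with what the interface displays before approving. The sketch below is an added example, not code from Bybit or any wallet vendor; it is deliberately simplified to two standard ERC-20 calls rather than the transaction involved in this incident, and the function names and sample data are hypothetical.

```python
# Only two standard ERC-20 selectors are known here; anything else is opaque.
KNOWN_SELECTORS = {
    "a9059cbb": "transfer",  # transfer(address,uint256)
    "095ea7b3": "approve",   # approve(address,uint256)
}

def decode_calldata(calldata_hex):
    """Return (function, address, amount), or None if the payload is opaque."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return None
    name = KNOWN_SELECTORS.get(raw[:4].hex())
    # Both known calls take exactly two 32-byte words: address, uint256.
    if name is None or len(raw) != 4 + 64:
        return None
    addr_word, amount_word = raw[4:36], raw[36:68]
    if any(addr_word[:12]):  # an address word must be left-padded with zeros
        return None
    return name, "0x" + addr_word[12:].hex(), int.from_bytes(amount_word, "big")

def review_signing_request(displayed, calldata_hex):
    """Return reasons to refuse; an empty list means display and payload agree."""
    decoded = decode_calldata(calldata_hex)
    if decoded is None:
        return ["payload cannot be decoded: approving it would be blind signing"]
    name, to, amount = decoded
    problems = []
    if name != displayed["function"]:
        problems.append(f"function is {name}, display says {displayed['function']}")
    if to != displayed["to"].lower():
        problems.append(f"recipient is {to}, display says {displayed['to']}")
    if amount != displayed["amount"]:
        problems.append(f"amount is {amount}, display says {displayed['amount']}")
    return problems

def encode(selector, to, amount):
    """Build constructed sample calldata for the cases below."""
    return "0x" + selector + to[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample data: what the UI shows vs. three candidate payloads.
DISPLAYED = {"function": "transfer", "to": "0x" + "11" * 20, "amount": 1000}
HONEST = encode("a9059cbb", DISPLAYED["to"], 1000)
TAMPERED = encode("a9059cbb", "0x" + "22" * 20, 1000)
OPAQUE = "0xdeadbeef" + "00" * 64
```

The check is only meaningful when it runs on a device or code path separate from the interface that produced the display, since a compromised interface can misreport both.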

A Popular Method Among Hacker Groups

Blockchain security firm Blockaid also explained that the method is increasingly popular among advanced threat actors, including the Lazarus Group, a North Korean hacker group.

Blockchain analytics firm Arkham Intelligence openly stated that the North Korean-funded Lazarus Group was the mastermind behind the Bybit hack.

Arkham’s Conviction

Arkham reached this conclusion after on-chain investigator ZachXBT submitted forensic evidence supporting claims of North Korea’s involvement in the Bybit hack.

“The evidence submitted includes a detailed analysis of test transactions and connected wallets used before the exploit, as well as forensic graphs and time analysis,” Arkham wrote in its statement.

Previously, on the X social media platform, Arkham had offered a reward of 50,000 ARKM tokens to anyone who could identify the perpetrators of Friday’s hack. The hack rocked the crypto market and caused most crypto asset prices to fall.

Tom Robinson, co-founder and chief scientist at Elliptic, called the incident “the largest crypto theft in history, by a fair margin.”

“The next largest crypto theft was the $611 million theft from Poly Network in 2021. It may be the largest single theft in history,” Robinson added.

Blockchain data provider Nansen also told CoinDesk that the perpetrators first withdrew nearly $1.5 billion from exchanges into a single master wallet, then spread it out across multiple wallets.

“The stolen funds were first moved into a master wallet, which then distributed them across over 40 wallets,” Nansen said.

“The perpetrators converted all of the stETH, cmETH, and mETH into ETH before systematically transferring $27 million of ETH to over 10 additional wallets,” Nansen added.

“This attack vector is quickly becoming a favorite form of cyberattack used by advanced threat actors, including North Korea,” said Ido Ben Natan, CEO of blockchain security firm Blockaid. “This is the same type of attack used in the Radiant Capital breach and the WazirX incident.”

Lazarus Group

The Lazarus hacker group is also known as the Guardians of Peace or Whois Team. They are a hacker group consisting of several people whose identities are unknown. They are believed to be run by the North Korean government.

Although not much is known about the group, researchers have linked many cyber attacks to them since 2010.

Originally a criminal group, the group has now been designated as an advanced persistent threat. This is due to the nature of its objectives, threats, and the various methods used in carrying out its operations.

Names given by cybersecurity organizations include Hidden Cobra (used by the United States Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general) and ZINC or Diamond Sleet (used by Microsoft).

According to North Korean defector Kim Kuk-song, the unit is known internally in North Korea as the 414 Liaison Office. The Lazarus group has strong ties to North Korea.

The United States Department of Justice claims the group is part of the North Korean government’s strategy to “weaken global cybersecurity and generate illicit revenue in violation of sanctions”.

North Korea benefits from conducting cyber operations because they can present an asymmetric threat with only a small group of operators, especially against South Korea.

Other Crypto Leaders Support Bybit

Binance founder Changpeng “CZ” Zhao advised Bybit’s CEO on preventive measures. The goal is to prevent the platform from experiencing further and more severe losses. CZ’s suggestion was to temporarily halt withdrawals to protect crypto users.

In addition to CZ, several other crypto leaders have also expressed their support for Bybit, such as Binance co-founder Yi He, who offered to help deal with the crisis.

Meanwhile, Tron founder Justin Sun promised to help track down the stolen funds. The crypto community at large is also calling for stronger security measures across exchanges, with the aim of preventing similar incidents from happening in the future.

They have also come together to secure crypto exchanges from hackers, including the Lazarus Group, which is suspected of carrying out large-scale hacks.

Gisela Sauer