This was the biggest cyber theft in history: how Kim Jong-un's hackers acted

This is how Kim Jong-un and his hackers committed the largest cryptocurrency cyber heist in history.

In February 2025, the Lazarus group, directly linked to the North Korean government and under the leadership of Kim Jong-un, carried out an unprecedented attack against the cryptocurrency platform Bybit. In a matter of minutes, they managed to steal $1.5 billion in Ethereum, shaking not only the affected company but also millions of people around the world.

This masterstroke demonstrated the growing technical sophistication of hackers in obtaining resources to finance their regime, turning a digital attack into a high-impact geopolitical move.

The largest cyber heist in crypto: an unprecedented attack

The Bybit hack was no ordinary act of cybercrime; it is considered an unprecedented attack, both in its scale and the technical expertise involved. The world-renowned Lazarus group, funded by North Korea, has established itself as a benchmark in cybercrime, but this theft surpassed even its previous attacks. 

The Bybit platform had robust security measures in place, including multisig cold wallets and multi-signature verification systems, which added multiple layers of protection designed to prevent unauthorized access to its funds. However, according to an internal audit by Sygnia and Verichains, the hackers compromised a computer belonging to a developer of Safe, the self-custody system used by Bybit to manage its Ethereum cold wallet.

This weakness was the link Lazarus exploited. Instead of using traditional methods like malicious links, the attackers manipulated the Safe interface to show a legitimate transaction, when in fact the signatories were authorizing a fraudulent one. This deception, called an interface “hot swap”, went unnoticed even by Bybit CEO Ben Zhou, who signed the transaction.

The result was devastating: $1.5 billion in Ethereum was transferred and scattered across more than 50 digital wallets, mixing it with other cryptocurrencies to make it difficult to trace. Therefore, this theft not only set a record, but also redefined security challenges in the crypto ecosystem, demonstrating that technological innovation also requires constant vigilance and even more advanced strategies.

Cybercrime as a state strategy

North Korea, under Kim Jong-un's leadership, has turned cybercrime into a powerful tool for obtaining resources. Unlike other hacker groups around the world, which often operate with espionage or sabotage motives, North Korean cybercrime teams are primarily focused on obtaining funds to sustain the regime and its strategic programs.

The stringent international sanctions imposed on North Korea have severely limited its access to foreign currency and goods. Therefore, generating revenue through unconventional methods, such as massive hacks into cryptocurrency platforms, has become an operational practice for the North Korean state. 

According to specialized research, including analysis by firms such as TRM Labs and reports from the United Nations Security Council, these cybercrime and hacking operations have reportedly generated billions of dollars in crypto assets for the regime since 2021.

A geopolitical challenge

The Lazarus group has proven to be a persistent and sophisticated actor in cryptocurrency theft, but it is important to understand that cryptocurrencies themselves are not the problem.

In recent years, Lazarus carried out one of the biggest hacks, stealing $625 million in ETH and USDC from the Ronin Bridge, a blockchain infrastructure used by the popular video game Axie Infinity. That attack on the protocol was not an isolated case: in 2024, the group executed 47 attacks that totaled more than $1.3 billion in losses globally, according to a report from the firm Chainalysis.

The firm emphasized that Lazarus exploits vulnerabilities in cryptocurrency exchanges and digital gaming platforms, as these are sectors with large asset volumes and regulations that are still under development. 

However, the real challenge lies not in crypto technology, but in how these attacks are part of a broader geopolitical strategy. For North Korea, cybercrime is a key tool for evading economic sanctions and financing priority military and technological projects for the regime.

Therefore, this attack on Bybit, while regrettable, has served as a reminder for cryptocurrency platforms to raise their security standards and collaborate closely with international organizations to anticipate and mitigate potential actions by state-sponsored groups. 

The story of the Bybit hack is a reminder of the stakes and how digital warfare has consequences that transcend the economy and affect global security.

What can users do to protect their crypto assets?

To protect themselves against attacks like the one on Bybit, users should adopt a combination of good personal security practices and choose platforms that implement robust protocols.

Regarding storage, it's ideal to keep most assets in your own cold wallets, away from exchanges, to reduce the risk of massive hacks. Users should also be aware of platform security updates and prefer those that conduct frequent audits, encrypt communications, and have international certifications.

In the crypto world, it's also key to stay informed and wary of suspicious links or messages to avoid phishing attacks, as security also depends on prevention and user education. 

The combination of these measures and best practices helps minimize risks in an innovative digital environment like cryptocurrency.
