
One of the dangers of cryptocurrencies is hacker attacks. In fact, recent news reports suggest that a group of hackers, known for their ties to the North Korean leader, has pulled off one of the largest known cryptocurrency heists.
It is said that the loot exceeds 300 million dollars. The type of cryptocurrency stolen is not specified, but the enormous monetary value indicates that bitcoins were involved in this theft.
This news was released in February 2025, when it was reported that the crypto exchange platform known as Bybit had been the victim of a cyberattack. This site has been operating since 2018 and has its headquarters in Dubai, in the United Arab Emirates. It's a widely used platform for buying, selling, and trading cryptocurrencies such as Bitcoin, NFTs, and various altcoins.
For over five years, Bybit has been touted as a safe online space for cryptocurrency businesses and exchanges. But this recent hacker attack has proven that Bybit is not invulnerable.
What information is available about this cybertheft?
Speaking to the media, Bybit bosses indicated that the attackers compromised one of the cold wallets that were offline. Thus, hackers managed to intervene in the cryptocurrency supply chain. Some news portals report that the stolen digital assets are part of the Ethereum (ETH) network, but other sources indicate that large amounts of bitcoins were also stolen.
Bybit opted to close the ETH gap, as well as to close the compromised cold wallet. In addition, this cryptocurrency exchange and purchasing platform remained closed for several days. However, they have offered their customers peace of mind, as they will do everything possible to replace the amount of cryptocurrency that has been lost. Many believe this theft will have various consequences. For example, there are fears that it will significantly impact the price of cryptocurrencies internationally. It is also feared that it will unleash a wave of distrust toward the use of these digital assets.
Why is the cyberattack suspected to have been carried out from North Korea?
Everything indicates that the attack was perpetrated by a hacker organization called Lazarus Group. Investigations have shown that this theft was carried out using strategies typical of this well-known group. Initially, it was clear that the hackers had been tracking Bybit's crypto wallets. This is how they discovered the existence of a cold wallet. Another peculiarity is that they did not steal the cryptocurrencies directly from the Bybit platform, but rather intercepted the cryptocurrencies before they could reach Bybit. For this reason, the theft of these digital coins could not be detected in time, as they were not being taken out of Bybit, but rather being prevented from reaching the platform.
The existence of the Lazarus Group has been known for over a decade. In 2014, this organization orchestrated its first major heist: it stole the data of senior executives at Sony Pictures. Lazarus has also compromised other cryptocurrency exchanges, such as Bithumb and Youbit, or the Japanese platform DMM Bitcoin. As an organization that has committed several crimes of this type, some aspects of its modus operandi are already known. That is why everything indicates that Lazarus Group is the culprit of this recent cyberattack on the Bybit platform.
Hackers linked to the North Korean government
It is suspected that Lazarus Group operates from North Korean soil. Numerous intelligence reports warn that North Korea's supreme leader, Kim Jong-un, is funding his military's weapons program using cryptocurrencies stolen with the help of hackers. This is how Lazarus Group is emerging as a cyber espionage unit used by the North Korean government. Between 2008 and 2012, this group managed to steal a great deal of confidential information from the South Korean government.
In 2015, Lazarus Group stopped dedicating itself exclusively to espionage, to perpetrate the theft of $12 million from Banco del Austro, in Ecuador. That same year, it withdrew $1 million from the Tien Phong Bank in Vietnam. Later, robberies at banks in Poland, Mexico, Bangladesh, and Taiwan became known. Investigations have shown that the Lazarus Group continues to carry out very sophisticated espionage work. However, within this organization, there is a section dedicated to capital theft, which has now specialized in cryptocurrency theft.
This North Korean electronic espionage unit has become a network of hackers. There is no exact information about the members of the Lazarus Group, although some photographs and names have been collected. However, they are extremely skilled hackers, capable of disguising their identities.
Theft, money laundering and security breaches
The stolen cryptocurrency was diverted to wallets previously used by the Lazarus Group. In addition, this group is quite clever at laundering stolen money. They often use this money to purchase real estate or relocate it to investment funds. Thanks to their great skill within exchanges, they also manage to quickly exchange cryptocurrencies, with the intention of preventing them from being tracked.
But what is most serious is that Lazarus Group has the support of a government. There are fears that this type of cyberattack will be repeated, since North Korea wants to give an additional boost to its weapons program. In turn, it is known that Lazarus Group is a 24-hour unit, with a large number of spies all over the world. Its members usually open accounts in exchanges and banks, monitoring these platforms or institutions. Their mission is to detect weak points in these security systems. Therefore, it is believed that this latest attack on the Bybit platform had been planned for several years, hoping to recognize the weak point in the security of this platform and take advantage of the appropriate moment.


