Unprecedented $1.5 billion crypto heist linked to North Korea

The attack targeted the so-called cold wallet of the exchange, which is an offline storage system designed to provide a high level of security. The stolen funds, mainly in the form of ether, were swiftly transferred to various accounts. Subsequently, the perpetrators sold them via numerous platforms.

Ben Zhou, CEO of Bybit, reported on platform X that "all other cold wallets remain secure." He also added that the withdrawal process on the exchange is proceeding normally, intended to calm users after the wave of panic triggered by the breach.

Analysts specializing in blockchain, cited by CNBC, traced the path of the stolen cryptocurrencies. It was determined that after the theft, the funds ended up in numerous accounts and were quickly liquidated.

Experts from Elliptic linked the attack to the Lazarus hacking group, which the North Korean government sponsors. This organization has been known for years for stealing billions of dollars from cryptocurrency. Analysts indicate that the group uses advanced methods to fund the regime's activities and employs complex money-laundering techniques that make tracking the flows difficult.

According to Elliptic reports, the latest incident surpasses previous thefts, such as the loss of $611 million from Poly Network in 2021 or $570 million from Binance in 2022.

Following the breach at Bybit, users began massively withdrawing their funds, fearing for the financial stability of the platform. Ben Zhou announced that the withdrawal situation had stabilized. The exchange secured a bridge loan from undisclosed partners to cover potential losses and ensure continuity of operations.

The history of the Lazarus group dates back to 2017, when it attacked four South Korean exchanges, stealing bitcoins valued at $200 million. Since then, its activities have been monitored by law enforcement and analytical firms. Industry experts emphasize that such thefts continue to threaten the cryptocurrency market significantly.