A major cybersecurity incident has rocked the cryptocurrency world, with hackers stealing an estimated $1.5 billion (£1.1 billion) in digital assets from the Dubai-based exchange Bybit. The breach, which occurred on February 21, involved malware that was used to approve unauthorized transactions, allowing the attackers to funnel the stolen funds into accounts under their control. Experts from Elliptic, a British blockchain analytics firm, have linked the attack to North Korea’s notorious Lazarus Group, a state-sponsored cybercrime outfit known for its sophistication and relentless operations. This group has reportedly stolen over $6 billion (£4.7 billion) in cryptocurrency since 2017, with the proceeds believed to be funding North Korea’s ballistic missile program and helping the regime circumvent international sanctions.
The theft has sent shockwaves through the cryptocurrency market, with the price of Bitcoin and other digital currencies experiencing a sharp decline. While cryptocurrency is inherently volatile, the drop has erased some of the gains made since Donald Trump’s presidency, during which a pro-crypto agenda gained traction. Despite the setback, Bitcoin remains significantly higher in value compared to its price before Trump took office. Bybit’s CEO, Ben Zhou, has sought to reassure users and investors by stating that the exchange is solvent and capable of covering the loss. However, as of Wednesday, only a tiny fraction of the stolen funds had been traced, highlighting the challenges of recovering cryptocurrency once it has been transferred and laundered.
In an effort to recover the stolen assets, Bybit has announced a $140 million (£100 million) “bounty” program. This initiative, which represents about 10% of the stolen funds, aims to incentivize individuals and organizations to help track and freeze the illicit assets. The reward will be split between those who successfully trace the funds and those who assist in freezing them. This approach reflects the growing trend of leveraging decentralized networks and community participation to combat cybercrime in the cryptocurrency space. However, the success of such efforts remains uncertain, given the sophistication of the attackers and the anonymity offered by blockchain technology.
The Lazarus Group, blamed for this attack, is part of a broader network of North Korean hacking organizations that have been instrumental in stealing billions of dollars in cryptocurrency. According to Chainalysis, a leading blockchain analytics firm, North Korea-linked groups such as Lazarus and Kimsuky were responsible for one in five hacking incidents in 2024. In 2023 alone, these groups stole approximately $660 million (£521 million) across 20 incidents, with the figure rising to $1.34 billion (£1 billion) in 2024. Chainalysis describes North Korean hackers as “notorious for their sophisticated and relentless tradecraft,” employing advanced malware, social engineering, and other tactics to fund state-sponsored operations and bypass international sanctions. Despite these accusations, North Korea has consistently denied any involvement in cyber hacking or cryptocurrency theft.
The theft from Bybit is the latest in a long string of high-profile cryptocurrency hacks that have plagued the industry. According to Chainalysis, 2022 saw the highest ever recorded theft of crypto assets, with $3.7 billion (£2.9 billion) stolen that year. While the figure dropped to $1.8 billion (£1.4 billion) in 2023 and $2.2 billion (£1.7 billion) in 2024, the number of hacking incidents has continued to rise. Some of the most notable hacks include the $625 million theft from the Ronin Network in March 2022, which was also attributed to the Lazarus Group, as well as the $611 million heist from the Poly Network in August 2021. Other major incidents include the $569 million hack of the Binance BNB Bridge in October 2022, the $532 million theft from the Japanese exchange Coincheck in January 2018, and the $477 million stolen from FTX’s crypto wallets in November 2022. These incidents underscore the vulnerabilities of the cryptocurrency ecosystem and the growing sophistication of cybercriminals.
As the investigation into the Bybit hack continues, experts warn that the threat posed by North Korean hacking groups remains significant. These groups have demonstrated an ability to adapt and evolve their tactics, making them formidable adversaries in the cyber landscape. The use of cryptocurrency as a tool for evading sanctions and funding illicit activities has become a key concern for international authorities, who are increasingly calling for stricter regulations to combat such threats. While Bybit’s bounty program represents a novel approach to recovering stolen funds, the broader challenge of securing the cryptocurrency ecosystem remains unresolved. As the industry continues to grow, addressing these vulnerabilities will be critical to ensuring the long-term stability of, and trust in, digital assets.