Bybit, a Dubai-based cryptocurrency exchange, recently fell victim to one of the largest cyberattacks in history. The notorious North Korean Hack Group (a.k.a. the Lazarus Group) has been identified as the attacker, looting the exchange of 1.5 billion dollars worth of Ethereum (ETH). On February 21, 2025, the world witnessed the largest-ever cryptocurrency heist, shattering all previous records and exposing the growing sophistication of state-sponsored cybercriminal gangs.
Weaknesses in Crypto Security
Bybit suffered a loss of over 400,000 ETH from one of its cold wallets. Preliminary investigations indicated that the attackers used sophisticated methods to alter transaction data, circumventing layered security protocols, and the money was transferred to unknown addresses.

Ethereum to Bitcoin
After the heist, Lazarus launched a massive laundering operation to hide the stolen funds. According to blockchain analysis from Arkham Intelligence, the group has successfully laundered the stolen Ethereum, with a large part of the stolen funds converted into Bitcoin (BTC). As reported, the group has accumulated 6,706 BTC, valued at around $591 million as of March 4, 2025. The funds are distributed across a network of unflagged addresses, making tracking difficult.
A New Gold Standard in Cybercrime
Cybersecurity experts have been alarmed at the speed with which the Lazarus Group washed the stolen money. At least $160 million was transferred through illicit channels in the 48 hours after the theft, and estimates were above $400 million by Feb. 26. This accelerated laundering demonstrates the gang’s increased operational potency and creates major problems for law enforcement trying to trace and recoup the money.
Bybit’s Response
Following the breach, Bybit CEO Ben Zhou assured clients that the exchange is facing no solvency issues and that customer assets are safe in the aftermath of the attack. According to reports, Bybit has managed to recover its reserves in less than 72 hours, receiving 447,000 Ethereum tokens in emergency capital. Operations on the exchange itself are carrying on normally, and users can withdraw funds. Bybit is working closely with experts in blockchain security to track down the stolen assets and has set up a $140 million bounty for information that could recover them.

International Consequences
The Lazarus Group, which is also referred to by one of its online handles, TraderTraitor, is known to work on behalf of North Korea’s intelligence agency, the Reconnaissance General Bureau. The group’s cybercriminal operations are believed to finance Pyongyang’s nuclear and ballistic missile programs, enabling it to evade international sanctions and providing a vital source of revenue for the isolated regime.
The Decade of High-Profile Heists
This latest attack adds to the Lazarus Group's notorious track record of cybercrime. In 2022, the group was alleged to have stolen $620 million from the Ronin Network, which is a bridge used by the game Axie Infinity. They also carried out a $100 million heist on Harmony’s Horizon bridge in June 2022. Such incidents highlight the group’s escalating tactics and growing threat to the global financial system.
A Wake-Up Call for the Crypto World
The Bybit hack is a strong reminder of the weakness of the crypto ecosystem. This underscores the importance of exchanges and other platforms investing in stronger security protocols, developing comprehensive oversight mechanisms, and working in conjunction with global law enforcement entities to prevent and address such risks.

Enhancing Security Against Emerging Threats
As cybercriminal techniques, like those employed by the Lazarus Group, continue to evolve, the cryptocurrency industry must evolve with the times. Improved security measures, international collaboration, and proactive threat intelligence sharing are crucial to protecting digital assets and preserving trust in the emerging crypto economy.
Note: The content of this article is current as of October 5, 2025. Events in the investigation and in asset recovery may have taken place since that time.
Frequently Asked Questions
1. Who is the Lazarus Group, and why are they notorious?
The Lazarus Group is a nation-state-backed cybercrime syndicate behind some of the most notorious crypto heists, including the $1.5B Bybit hack and other previous attacks.
2. How did the Lazarus Group launder $1.5B worth of stolen crypto?
They immediately exchanged the stolen Ethereum (ETH) for Bitcoin (BTC), using decentralized exchanges, unflagged addresses, or mixing services to limit traceability, which makes recovering and tracking the coins quite hard for investigators.
3. How does this hack affect cryptocurrency security?
It reveals security vulnerabilities in exchanges, a need for better tracking of the blockchain, and concerns that North Korea’s cybercrime is funding illicit activity.
4. Can the funds stolen by the Lazarus Group be recovered?
It’s a hard slog for recovery, but blockchain analysis firms, exchanges, and global regulators are following the money, freezing flagged accounts, and working together to stop further laundering.
Glossary of Key Terms
Lazarus Group: North Korean state-sponsored group behind major crypto thefts, cyber espionage, and financial fraud.
Crypto Laundering: The act of hiding the sources of illegal cryptocurrency via mixers, DEXs, and multiple transactions in order to avoid detection.
Ethereum (ETH): A decentralized blockchain platform that provides the ability for others to create smart contracts and dApps; frequently targeted by hackers due to high-value transactions.
Bitcoin (BTC): As the first and most valuable cryptocurrency, it is frequently used as a final asset in laundering due to its liquidity and global acceptance.
Unflagged Addresses: Cryptocurrency wallets that have not been blacklisted by regulators, providing hackers with the opportunity to move their stolen funds without being flagged immediately.
Decentralized Exchanges (DEXs): P2P platforms enabling direct crypto transactions without intermediaries, often leveraged for money laundering due to anonymity.
Blockchain Analysis: At its core, it involves using forensic tools to trace crypto transactions, recognize patterns, and follow illegal fund flows, connecting the dots between wallets and networks.
Cybercrime Syndicate: An organized group of individuals committing hacking, fraud, and theft in the digital space, often state-sponsored for political and economic goals.