Key Notes
North Korean hackers tricked Bybit’s security team into approving the theft using sophisticated “masked” transactions and fake interfaces. The Lazarus Group operates with state support and has targeted major institutions since 2009. Weapon program.
On February 21st, Bybit’s Ethereum cold wallet was hacked, resulting in a $1.46 billion theft. The attack is one of the biggest crypto heists in history. The hackers tricked Bybit’s security team into approving a malicious transaction using a “masked” transaction method and a fake secure wallet interface.
The attack was linked to the Lazarus Group, an attribution later confirmed by the FBI. In response, Bybit co-founder and CEO Ben Zhou declared a “war” against North Korean hackers.
Who is the Lazarus Group?
The Lazarus Group is the name given to a North Korean state-sponsored hacking group that appeared around 2009. It is also known as Hidden Cobra, Zinc, Diamond Sleet and Guardians of Peace. Its size and structure remain unknown.
According to US law enforcement, the group was led by Park Jin Hyok, a North Korean citizen who previously worked in software development in China before returning to North Korea in 2011. The FBI describes him as one of those responsible for some of the most damaging cyber intrusions in history.
“Park Jin Hyok is said to be a state-sponsored North Korean computer programmer who is allegedly part of a criminal conspiracy responsible for some of the most expensive computer intrusions in history. These intrusions have damaged the computer systems of numerous victims and stolen currency and cryptocurrency.”
The first confirmed attacks by the Lazarus Group date back to 2009, initially targeting South Korean government resources. Over the years, their operations have expanded worldwide.
State ties and international reach
It is widely accepted that the Lazarus Group operates under the control of the North Korean government. In a country where only a select few have open internet access (while the majority are limited to censored, state-controlled networks), large-scale cyber operations are not possible without state approval.
However, researchers at the NCC Group believe that many North Korean hackers are active outside of North Korea. The FBI has identified group members in China and other countries.
Famous early attacks
Sony Pictures Hack (2014): Lazarus Group shut down Sony Pictures Entertainment, displaying death threats on employee screens. The hackers also leaked personal data of 7,000 employees. The attack was widely believed to be retaliation for the release of The Interview, a satirical film about an attempted assassination of Kim Jong-un. Sony eventually canceled the release of the film.
Bangladesh Central Bank Robbery (2016): Using the SWIFT network, hackers stole $81 million from Bangladesh Bank’s account at the Federal Reserve Bank of New York.
WannaCry Ransomware (2017): Infected over 300,000 computers around the world, demanding $300 ransoms in Bitcoin from victims, including hospitals in Europe, Renault and Nissan.
Crypto heists: billions stolen
Lazarus Group has been heavily involved in crypto theft since at least 2017, targeting centralized exchanges, DeFi platforms and bridges.
2017-2018: $882 million stolen from 14 cryptocurrency exchanges.
2022: Hacked the Ronin sidechain and stole $620 million from Axie Infinity players.
2022: Attacked Harmony’s Horizon Bridge and Atomic Wallet, stealing $200 million.
2017-2022: Estimated total crypto theft of $3 billion.
2023: TRM Labs said the group stole at least $600 million.
2024: Stolen crypto reached $1.34 billion, Chainalysis reported.
2025: At least $1.46 billion from the Bybit hack.
Where will the money go?
The UN previously reported that North Korea is using stolen crypto to fund its nuclear and missile programs, but direct evidence remains lacking.
Regardless of the end use, the actions of the Lazarus Group undermine the reputation of the entire crypto industry. The Bybit hack is a further reminder that even major exchanges with sophisticated security infrastructure remain vulnerable to state-backed cybercriminals.
Disclaimer: Coinspeaker is committed to providing fair and transparent reporting. This article is intended to provide accurate and timely information, but should not be considered financial or investment advice. Market conditions can change quickly, so we recommend that you review your information yourself and consult with an expert before making a decision based on this content.
Anton is a crypto journalist with over five years of experience in the industry. For four years he was the editor of ForkLog, the largest Russian-language Bitcoin magazine. Anton combines a deep understanding of the crypto market with hands-on investment experience to provide insight into expert forecasts, NFT trends and Web3 innovation. His clear and engaging analysis makes complex topics accessible and allows readers to make informed decisions in the evolving crypto landscape.
Anton Varanov on LinkedIn