The FBI has officially confirmed that the North Korean hacking collective known as the Lazarus Group orchestrated the recent $1.4 billion crypto heist at Bybit. The attack, dubbed “TraderTraitor,” exploited the exchange’s Ethereum cold wallet, making it one of the largest publicly disclosed cryptocurrency hacks in history. While some funds have been recovered, a significant portion remains scattered across thousands of blockchain addresses. This incident highlights the growing threat of state-sponsored cybercrime in the crypto industry.
The Scale of the Heist
On February 21, hackers infiltrated Bybit’s Ethereum cold wallet during a routine transfer, seizing over $1.4 billion worth of Ethereum and related tokens. Initially, the crypto community suspected the Lazarus Group’s involvement due to their previous high-profile exploits. This suspicion was later validated by both on-chain sleuth ZachXBT and blockchain analytics platform Arkham Intelligence, who linked the attack to the notorious North Korean hackers.

Bybit co-founder and CEO Ben Zhou assured users that the exchange remained financially stable despite the unprecedented loss.
“Bybit is solvent even if this hack loss is not recovered. All clients’ assets are 1-to-1 backed, and we can cover the loss,” Zhou stated in an X (formerly Twitter) post on the day of the attack.
Lazarus Group’s Known Tactics
The Lazarus Group, backed by the North Korean regime, has been linked to several major crypto heists in recent years. Their modus operandi often involves compromising development environments or injecting malicious code into critical systems. In this case, cybersecurity firm SlowMist revealed that a Safe{Wallet} developer’s equipment was compromised, allowing attackers to modify transaction parameters and redirect funds.
“These threat actors are working fast to cash in on their plundered crypto,” the FBI noted, adding that the stolen Ethereum has since been converted into Bitcoin and other assets, now scattered across multiple blockchain addresses.
Efforts to Recover Stolen Funds
While the attack was devastating, some recovery efforts have shown progress. Blockchain analytics firm Elliptic reported that $43 million of the stolen funds have been retrieved, along with an additional $243,000 from related accounts. However, this is only a fraction of the total amount taken.

Bybit has offered a 10% reward to security experts who assist in recovering the remaining funds. In addition, the FBI has identified 48 Ethereum addresses linked to the attack and urged blockchain entities to block any transactions associated with them. This collaborative approach aims to prevent further laundering of the stolen assets and to support their retrieval.
Implications for the Crypto Industry
This massive theft has raised concerns about the security of even well-established exchanges. Bybit, one of the leading centralized crypto platforms, now faces scrutiny over its security protocols. The attack also underscores the growing sophistication of state-sponsored hackers and the increasing role of cryptocurrencies in funding illicit activities.
As Ben Zhou put it, “This incident reminds us that even the best defenses can be breached by highly skilled and motivated attackers. We must remain vigilant and work together to strengthen the industry’s security standards.”
Conclusion: What’s Next?
Moving forward, Bybit and the broader crypto community must address vulnerabilities exposed by the attack. Industry-wide efforts to improve security protocols, share threat intelligence, and develop advanced detection systems will be crucial in preventing future breaches. The FBI’s ongoing collaboration with private sector entities will also play a vital role in tracking stolen assets and bringing the perpetrators to justice.
In the meantime, users should ensure they follow best practices—such as using hardware wallets and enabling two-factor authentication—to protect their digital assets.
FAQs:
What happened in the Bybit hack?
Hackers linked to North Korea’s Lazarus Group stole over $1.4 billion worth of Ethereum and related tokens from Bybit’s cold wallet in February 2025.
Who is the Lazarus Group?
The Lazarus Group is a North Korean state-sponsored hacking collective known for high-profile cyberattacks and thefts in the cryptocurrency industry.
How much of the stolen funds have been recovered?
Approximately $43 million of the stolen assets have been retrieved so far, along with an additional $243,000 from related accounts.
Glossary of Key Terms:
Cold Wallet: An offline cryptocurrency storage method that is not connected to the internet, considered more secure than hot wallets.
TraderTraitor: The name given by the FBI to the operation believed to be behind the Bybit hack.
Lazarus Group: A North Korean state-sponsored hacking collective known for targeting financial institutions and cryptocurrency platforms.
Elliptic: A blockchain analytics firm that helps track stolen cryptocurrency and identify associated wallets.