
North Korea Accused of $1.4 Billion Bybit Crypto Heist

February 24, 2025

Significant Ethereum Theft Targets Bybit Exchange

A substantial breach occurred on Friday, resulting in the theft of approximately $1.4 billion in Ethereum cryptocurrency from the Bybit crypto exchange. This incident currently represents the largest recorded heist in the history of cryptocurrency.

Attribution to Lazarus Group

Following the security compromise, multiple blockchain analysis companies, alongside prominent crypto investigator ZachXBT, have identified the North Korean government-affiliated hacking group, Lazarus Group, as the likely perpetrator.

ZachXBT initially raised concerns and pointed towards the Lazarus Group shortly after detecting the initial indicators of the attack. The researcher detailed tracking the illicitly obtained cryptocurrency from Bybit to digital wallets previously implicated in attacks targeting Phemex, BingX, and Poloniex – all events linked to North Korean actors.

Confidence in North Korean Involvement

When questioned by TechCrunch regarding his confidence level in attributing the Bybit hack to North Korea, ZachXBT stated, “100%.” He reinforced this assessment by referencing the aforementioned prior incidents. ZachXBT also indicated that law enforcement agencies share this perspective.

Elliptic, a blockchain monitoring firm, arrived at a similar conclusion. “Our team has been working diligently with Bybit, our clients, and other investigators to trace these funds and prevent the North Korean regime from profiting,” Elliptic stated in a published blog post.

Laundering Patterns and Analysis

Elliptic’s assessment of North Korean responsibility is “based on various factors, including our analysis of the laundering of the stolen cryptoassets.” The firm further noted that Lazarus Group consistently employs a “characteristic pattern” when attempting to obscure the origins of stolen cryptocurrency.

North Korea's History of Crypto Heists

North Korea has established a reputation as a frequent perpetrator of cryptocurrency theft. A United Nations panel has linked the regime’s hackers to at least 58 separate crypto heists. Furthermore, the governments of the United States, Japan, and South Korea estimate that Kim Jong-Un’s administration stole over $650 million through various crypto hacks and heists in 2024.

Tom Robinson, co-founder and chief scientist at Elliptic, explained to TechCrunch that the attribution is based on the fact that “funds stolen from Bybit are being combined with funds from multiple thefts attributed to the DPRK,” using the abbreviation for the North Korean regime.

Robinson added, “The laundering techniques being utilized closely resemble those previously observed with DPRK activities.” He also mentioned additional, undisclosed factors supporting their conclusion.

Confirmation from TRM Labs

TRM Labs, a blockchain intelligence firm, also determined “with high confidence” that North Korea was responsible for the Bybit hack, as detailed in a blog post released on Friday.

Bybit’s spokesperson, Tony Au, refrained from commenting on the potential link to North Korea, stating that “our team is still investigating at this moment.”

TechCrunch’s request for comment directed to North Korea’s Permanent Mission to the United Nations received no response.
