Lazarus Group Steals $1.5 Billion from Bybit: The Largest Crypto Heist in History

ZENDATA Blog

North Korean hacking group Lazarus has carried out a massive attack on Dubai-based cryptocurrency exchange Bybit, stealing $1.5 billion in Ethereum. The hack, which occurred during a routine transfer between digital wallets, is now considered the largest cryptocurrency theft ever recorded.

Hackers exploited a vulnerability during a transfer between a “cold” wallet (offline storage) and a “hot” wallet (used for daily transactions), allowing them to redirect the funds to an unknown address. Bybit CEO Ben Zhou gave assurances that the company remains solvent and that all customer assets are guaranteed. The platform is working with blockchain forensic experts to trace the stolen funds and has launched a bounty program, offering up to 10% of the recovered amount to ethical hackers assisting in the investigation.

Expert Analysis:

For years, Lazarus has perfected the art of blending financial crime with state-sponsored cyberwarfare, and this attack cements its dominance in crypto heists. The staggering sum stolen from Bybit isn’t just about profit—it fuels North Korea’s sanctioned economy, funding missile programs and intelligence operations while undermining financial stability worldwide.

This breach also exposes a fundamental flaw in crypto security: trust in the transfer process. The attack occurred not through an outright system compromise but by exploiting a critical moment when funds moved between wallets. Crypto exchanges must move beyond reactive security and redesign their transactional safeguards from the ground up—because if Lazarus can steal $1.5 billion in a single strike, it’s only a matter of time before others attempt the same.

