Dubai-based crypto exchange Bybit has confirmed the theft of roughly $1.5 billion in Ethereum, with some analysts pointing to the notorious North Korean hacking collective, Lazarus Group, as the prime suspect.
Bybit, who described the incident as the “worst hack in history,” discovered the breach during what was referred to as a routine transfer of Ethereum from an offline cold wallet to a warm wallet. According to Bybit’s co-founder and CEO, Ben Zhou, hackers successfully gained control of the wallet and moved its contents to an unknown address before any preventative measures could be taken.
“Bybit is solvent even if this hack loss is not recovered, all of clients’ assets are 1 to 1 backed,” Zhou posted on social media platform X.
North Korea?
Although the identity of the hackers remains officially unknown, blockchain analytics firm Arkham Intelligence has hinted at North Korea’s Lazarus Group as the likely culprit. In previous incidents, Lazarus operatives have been linked to large-scale cyber thefts, including a $615 million exploit targeting the Ronin Network in 2022. Some estimates place North Korean state-sponsored crypto theft at $800 million in 2024 alone, with the attacks showing no signs of slowing.
Critics also note that existing sanctions against Pyongyang have done little to deter state-backed groups from pursuing digital heists.
Following news of the breach, Bybit reported a spike in withdrawal requests, receiving more than 350,000 such instructions from concerned customers. Zhou acknowledged these requests publicly and indicated there might be delays in processing. However, he emphasized that “ALL withdraws have been processed.”
The theft prompted a momentary dip of nearly 4% in Ethereum’s price, though the digital asset quickly rebounded to near pre-hack levels.
Bybit, for its part, has vowed to rebuild trust by offering a 10% bounty to anyone who can help retrieve the stolen funds, an amount that could reach $140 million if the entire haul is recovered.
Information for this story was found via The Guardian, Toronto Sun, and the sources mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.
