Emma Nelson 
Known as the mastermind behind some of the most notorious exploits in the cryptocurrency world, the Lazarus Group has now been identified as the culprit behind the recent Bybit hack. This hacking organization, widely believed to have ties with North Korea, is accused of orchestrating the theft of $1.4 billion worth of Ethereum from the popular crypto exchange, Bybit.
Lazarus Group Implicated in the Bybit Heist
Blockchain investigator ZachXBT has presented compelling evidence linking the attack to the Lazarus Group. His in-depth investigation uncovered a series of test transactions and interconnected wallets that trace directly back to the group. Detailed graphs and time-based analyses, which were shared publicly on X, have been forwarded to Bybit as part of their ongoing investigation. Adding further weight to these findings, Arkham Intelligence—a renowned blockchain data platform—offered a reward of 50,000 ARKM tokens for any information that could help pinpoint the perpetrators. After reviewing ZachXBT’s comprehensive report, Arkham confirmed the connection to the Lazarus Group, noting that the evidence included a complete breakdown of test transactions, linked wallets, and forensic graphs that vividly illustrated the chain of events leading to the hack.
Lazarus Group
The Severity of the Bybit Exploit
The Bybit hack, which took place on Friday, saw approximately 401,346 ETH stolen from the exchange’s cold wallet—a significant sum valued at about $1.4 billion. This breach is particularly alarming because cold wallets are generally regarded as secure due to their lack of internet connectivity. The fact that the hackers managed to penetrate such a supposedly secure system underscores not only their desperation but also the vulnerabilities inherent in the current cryptocurrency market. Reports indicate that the stolen funds have been transferred across various wallets, and at least $200 million worth of staked Ether (stETH) has already been liquidated on decentralized exchanges.
In response to the hack, Bybit CEO Ben Zhou reassured the community via his X account, emphasizing that the exchange remains financially robust and fully solvent. Zhou confirmed that all client assets are completely backed, even in the face of such a significant security breach. Nonetheless, the fallout from the incident has had broader repercussions on the digital asset market. Ethereum’s Relative Strength Index (RSI) dropped sharply from 62.8 to 51.6 within hours, indicating a marked decrease in buying activity as the stolen ETH began to circulate. This decline in momentum was mirrored by a 4% drop in Ethereum’s price shortly after the hack, with similar downward pressure observed across Bitcoin and other altcoins, collectively dragging down the overall market capitalization.
Lazarus Group: A Recurring Threat in Crypto
The Lazarus Group is no stranger to high-profile cyberattacks. Frequently cited as the architect behind some of the largest hacks in the crypto industry, there is widespread speculation that the group operates with the backing of the North Korean government. In essence, they are believed to serve as a state-sponsored tool for siphoning funds and circumventing international economic sanctions. For instance, in March 2022, the group is reported to have stolen roughly $625 million from the Ronin Network, which is linked to the popular Axie Infinity game. Later, in June 2022, the US FBI confirmed that the Lazarus Group had carried out a $100 million breach of Harmony’s Horizon bridge. More recently, in 2024, the group was implicated in the theft of over $300 million from Japan’s DMM Bitcoin exchange. These successive attacks highlight the group’s evolving tactics and their relentless pursuit of vulnerabilities in cryptocurrency systems.
A Call for Stronger Security Measures
The Bybit hack serves as a stark reminder of the pressing need for enhanced security protocols within the digital asset space. In light of the ongoing threat posed by North Korean hackers like the Lazarus Group, governments and industry leaders are increasingly emphasizing the importance of robust security measures. In January, the United States, Japan, and South Korea jointly issued a statement to address these threats, underscoring their commitment to disrupting the operations of such malicious actors.
In summary, the identification of the Lazarus Group as the force behind the Bybit hack not only reinforces their reputation as one of crypto’s most formidable adversaries but also highlights the vulnerabilities that still exist in digital asset security. As the investigation continues, the industry is reminded that stronger, more resilient security measures are urgently needed to protect both exchanges and investors from future breaches.
