News: Bybit Hit by Record $1.5 Billion Hack: North Korea’s Lazarus Group Blamed per FBI

Bybit Hit by Record $1.5 Billion Hack:
North Korea’s Lazarus Group Blamed per FBI

February 28, 2025 – The cryptocurrency world is reeling after Bybit, a Dubai-based exchange, suffered a staggering $1.5 billion hack on February 21, 2025—now labeled the largest crypto heist in history. The U.S. Federal Bureau of Investigation (FBI) has pinned the attack on North Korea’s notorious Lazarus Group, spotlighting the growing threat of state-sponsored cybercrime in the digital asset space.

The breach occurred during a routine transfer from Bybit’s cold wallet—an offline storage system—to a “warm” wallet for daily trading. Hackers, identified as the Lazarus Group (also known as TraderTraitor), exploited compromised credentials at Safe{Wallet}, a third-party wallet provider used by Bybit. According to forensic reports from Sygnia and Verichains, malicious code injected into Safe{Wallet}’s infrastructure on February 19 tricked Bybit staff into signing off on the transfer, siphoning 401,347 Ethereum (ETH) and liquid-staked ETH (stETH)—worth $1.48 billion at the time—into addresses controlled by the attackers.

Bybit’s response was swift. CEO Ben Zhou confirmed the breach within hours, replenished reserves to a 1:1 ratio within 72 days, and launched a $140 million bounty program to recover funds. So far, $43 million has been frozen with help from blockchain sleuths, and $4.2 million awarded to five bounty hunters. However, over $605 million—more than half the haul—has already been laundered, largely via THORChain, a cross-chain swap protocol criticized for enabling illicit flows, per Cointelegraph.

The FBI’s February 26 statement urged crypto platforms to block transactions tied to 11,000+ wallets linked to the hack, warning that Lazarus could convert remaining ETH into Bitcoin or fiat. This aligns with the group’s history—experts estimate they’ve stolen $3.4 billion in crypto since 2020, including 2022’s $615 million Ronin Bridge heist.

Market fallout was immediate. Ethereum dipped 5% overnight after the news, and Glassnode reported a $4.3 billion crypto market exodus as panic withdrawals spiked. Bybit, handling 99.994% of over 350,000 withdrawal requests, secured loans for 80% of losses and boasts $16.14 billion in reserves—signaling resilience despite the hit.

For traders, this raises tax headaches. Hacked funds can’t be claimed as losses easily anymore—proof’s tough since 2018 IRS rules killed theft deductions outside disasters, Tools like Koinly could help track wallet activity for audits, though.

Zhou’s vowed “war on Lazarus,” but the hack dents trust in centralized exchanges. With THORChain’s swap volume soaring past $1 billion post-heist, scrutiny on crypto security—and tax compliance—is sharper than ever.

Sources:

• Cointelegraph: “Bybit hacker launders $605M ETH, over 50% of stolen funds” - https://cointelegraph.com/news/bybit-hacker-launders-605m-eth-over-50-of-stolen-funds

• Reuters: “FBI says North Korea was responsible for $1.5 billion Bybit hack” - https://www.reuters.com/technology/cybersecurity/fbi-says-north-korea-was-responsible-15-billion-bybit-hack-2025-02-26/

• Glassnode via Bitcoin News: “Bybit’s $1.48B Hack Triggers $4.3B Crypto Market Exodus” - https://news.bitcoin.com/bybits-1-48b-hack-triggers-4-3b-crypto-market-exodus-glassnode-reports/