The Bybit cryptocurrency exchange suffered a massive hack, resulting in the theft of 400,000 Ethereum (ETH and stETH), worth approximately $1.5 billion, making it the largest cryptocurrency heist to date. The attack exploited smart contract manipulation during a cold-to-warm wallet transfer, allowing the hackers to redirect funds to their own address.

Security experts, including Check Point, TRM Labs, and Elliptic, have attributed the attack to North Korea’s Lazarus Group, a state-sponsored hacking organization known for major cryptocurrency thefts. The hackers compromised multisig signers, likely through malware, phishing, or a supply chain attack.

The stolen funds were quickly dispersed across 50 wallets and are being laundered through centralized exchanges, decentralized platforms, and cross-chain bridges, with a shift from Ethereum to Bitcoin. Bybit has managed to recover $43 million and launched a bug bounty program offering up to 10% of recovered funds to those who help retrieve the stolen assets.

This attack follows previous high-profile cryptocurrency thefts linked to North Korea, including the $600 million Ronin hack and the $308 million Bitcoin.DMM.com heist, with reports stating North Korean hackers stole $660 million in cryptocurrency in 2024.

‍