
While crypto enthusiasts slept, North Korean hackers pulled off the unthinkable. On February 21, 2025, the Lazarus Group—North Korea’s elite cyber unit—swiped $1.5 billion in Ethereum from Dubai-based exchange Bybit. Just like that. The largest crypto heist in history, executed with frightening precision.

The attack wasn’t random. These hackers compromised a developer machine at Safe{Wallet}, authorizing a malicious transaction during a scheduled transfer. Cold storage? Not so cold anymore. They intercepted funds moving between wallets and somehow bypassed multi-signature security. So much for those fancy safeguards everyone brags about.

Cold storage systems aren’t invincible—they’re just obstacles that determined state hackers haven’t broken yet.

The FBI confirmed North Korea’s responsibility, labeling it “TraderTraitor” activity. Classic Lazarus Group. These aren’t amateur hackers—they’re state-sponsored professionals funding North Korea’s ballistic missile program. Your crypto is literally paying for weapons. Let that sink in.

The thieves moved fast. They converted Ethereum to Bitcoin, bounced funds across thousands of addresses, and used every mixer in the book—Wasabi, CryptoMixer, you name it. But laundering $1.5 billion isn’t easy. Even criminals face bottlenecks.

Bybit scrambled to contain the damage, borrowing funds to replace stolen assets. Didn’t matter. Customers yanked $4 billion within 48 hours. The weekend timing of the attack made the damage worse: network congestion was naturally lower, which allowed the funds to move faster. This theft alone surpassed the combined crypto thefts throughout all of 2024. Trust, once broken, doesn’t piece back together easily.

The crypto community tracked stolen funds across blockchains while some companies—surprise, surprise—refused to cooperate with recovery efforts. The FBI issued alerts urging exchanges to block transactions with identified addresses, but decentralized finance presents unique regulatory challenges.

This attack raises uncomfortable questions. If cold storage isn’t safe, what is? North Korea’s hackers aren’t stopping anytime soon. With $5 billion stolen since 2017, they’ve perfected their craft through countless operations against exchanges worldwide. They’re watching, waiting, planning the next big score.

The uncomfortable truth? This cat-and-mouse game between hackers and security experts continues, with billions at stake. And somewhere in Pyongyang, they’re celebrating another successful heist—possibly eyeing your crypto wallet next.