While crypto exchanges have weathered their share of hacks over the years, the Bybit breach of February 2025 takes the cake – and then some. North Korean hackers made off with a staggering $1.5 billion in cryptocurrency, making it the largest crypto heist in history. Sorry, Poly Network’s $611 million theft in 2021 – you’ve been dethroned. The hackers demonstrated remarkable speed in their initial attack, moving $160 million within the first 48 hours.
The hackers wasted no time getting creative with their ill-gotten gains. They scattered 12,836 BTC across 9,117 wallets like confetti at a digital parade, averaging 1.41 BTC per wallet. By March 20, they’d converted 86% of the stolen funds – a cool 440,091 ETH worth about $1.23 billion – into Bitcoin. This attack continues North Korea’s pattern of successful cryptocurrency theft: its hackers were responsible for $800 million in stolen digital assets during 2024 alone.
North Korean hackers scattered billions in stolen crypto across thousands of wallets, turning their heist into a digital shell game.
But here’s where things get really interesting – and by interesting, we mean frustrating for investigators. The thieves turned to Wasabi Mixer, pushing 944 BTC (over $90 million) through its CoinJoin technique. They didn’t stop there. The stolen funds bounced around like a pinball between THORChain, CryptoMixer, Tornado Cash, and Railgun before sliding into P2P and OTC exchanges.
TRM Labs didn’t take long to point the finger at North Korea’s notorious Lazarus Group. These aren’t your average crypto bandits – they’re state-sponsored hackers with a track record of sophisticated crypto theft. Their laundering game is strong, too. By April 21, about $400 million of the stolen Ethereum had vanished into the digital ether, becoming completely untraceable.
Bybit CEO Ben Zhou’s been keeping the community updated, but it’s like trying to catch smoke with your bare hands. The funds keep hopping across platforms – eXch, Lombard, LiFi, Stargate, SunSwap – you name it. Each cross-chain swap adds another layer of complexity to the tracking effort.
Meanwhile, Bitrace confirms the hackers are dumping stolen funds through OTC channels across multiple countries. It’s a messy situation, and it’s getting messier by the day.