North Korea’s infamous Lazarus Group is behind this mess. These guys are pros. They’ve stolen over $3 billion in crypto since 2017, funding their country’s missile program while the rest of North Korea starves. Classic priorities.
After the hack, they scattered the loot across 50 different wallets. Sneaky. Users with non-custodial wallets remained protected from the attack since they maintained full control of their private keys.
Bybit didn’t waste time. They’re offering a 10% bounty, up to $140 million, to anyone who helps recover the stolen assets. Their bounty site went live on February 25. The exchange has seen approximately $1.7 billion in outflows from worried users since the incident occurred. CEO Ben Zhou is putting on a brave face, claiming the exchange remains solvent despite the $1.5 billion hole in their pocket.
Meanwhile, the hackers aren’t exactly sitting around. They’ve already started laundering $140 million through anonymous exchanges, converting everything to Bitcoin. They’re using decentralized exchanges to swap stolen tokens for Ethereum. The eXch exchange has processed tens of millions already. The attackers employed complex laundering methods to make tracking the stolen funds extremely difficult.
The crypto industry has managed to freeze $42.85 million so far. THORChain blacklisted addresses linked to the hack. Chainalysis and Elliptic are helping track the funds.
How’d they do it? Social engineering. The hackers tricked cold wallet signers, replaced Safe’s multi-signature wallet contract, and intercepted a routine transfer. CEO Zhou clicked a normal-looking URL during a cold wallet transfer. Rookie mistake.
This theft nearly doubles what North Korea stole in all of 2024. It shows the Lazarus Group is getting better, faster, and more sophisticated.
The crypto world needs stronger security and better cross-border cooperation. Fast. Because these guys aren’t going away anytime soon.