Lazarus Group Linked to $1.4B Bybit Hack and $29M Phemex Breach

• Blockchain analysts linked the Bybit and Phemex hacks to North Korea’s Lazarus Group.  
• The Bybit hack alone accounts for over half of 2024’s crypto thefts.  
• North Korean hackers stole $1.34 billion in 2024, a 102% increase from 2023. 

North Korea’s Lazarus Group is suspected of hacking Bybit and Phemex. The Bybit hack on February 21 resulted in a $1.4 billion loss. Hackers mainly stole staked Ether and ERC-20 tokens. Blockchain experts from Arkham Intelligence and ZachXBT identified Lazarus-linked wallets used in the attack.  

New data confirmed that the same hackers breached Phemex in January. That attack led to a $29 million loss. Investigators found that stolen funds from both hacks were mixed, strengthening the link. This pattern suggests that Lazarus Group is refining its hacking methods.  

Onchain data showed that Phemex’s hot wallets were drained in 125 transactions. The attackers targeted 11 blockchain networks to avoid detection. They later used Tornado Cash to convert stolen assets into Ether.  

Bybit’s breach was more sophisticated and alarming. Hackers tricked exchange signers into approving a smart contract change. This gave them control over Bybit’s Ethereum multisig cold wallet. Security experts believe the hackers used deceptive transactions to manipulate the system.  

The attack resembled the $230 million WazirX hack. This similarity suggests that Lazarus Group is improving its techniques. The Bybit hack alone accounted for more than half of all crypto thefts in 2024.  

Lazarus Group has a long history of targeting crypto platforms. The group was responsible for the $600 million Ronin network hack. In 2024 alone, North Korean hackers stole $1.34 billion in digital assets. This amount is 102% higher than the $660 million stolen in 2023.  

Governments worldwide are raising concerns about North Korea’s cyber threats. The United States, Japan, and South Korea issued a joint warning. They believe that stolen crypto funds North Korea’s nuclear weapons program.  

South Korea sanctioned 15 North Koreans for financing hacking operations. Experts are urging crypto exchanges to strengthen their security systems. Without better defenses, the risk of future attacks remains high.