North Korea’s Lazarus Group Steals Record $1.4 Billion in Bybit Hack

North Korea's Lazarus Group Executes $1.4 Billion Crypto Heist, Revealing Complex Hacking Infrastructure

  • North Korea’s Lazarus Group stole $1.4 billion from Bybit in February, marking the largest single cryptocurrency hack in history.
  • North Korean hacking operations are more sophisticated than commonly understood, with multiple specialized groups operating under the Reconnaissance General Bureau.
  • Despite their capabilities, North Korean hackers haven’t deployed zero-day attacks against the crypto industry, and basic security practices can help companies protect themselves.

North Korean hackers executed the largest cryptocurrency theft in history this February, stealing $1.4 billion from Bybit before channeling the funds through crypto mixers. Security researchers witnessed the massive heist unfold in real time, revealing a sophisticated operation that highlights the growing threat posed by state-sponsored cyber criminals targeting digital assets.

“Someone had pulled off the biggest hack in [crypto] history, and we had a front-row seat,” said Samczsun, Research Partner at Paradigm, who recalled the incident in a blog post. The researcher was working with SEAL 911, an emergency response unit connected to the Security Alliance, when they observed and confirmed the unauthorized access with Bybit.

While media reports typically attribute such attacks to the “Lazarus Group,” security experts emphasize that North Korea’s cyber operations are more complex than widely understood. The term serves as a convenient shorthand, but Samczsun argues that discussing the Democratic People’s Republic of Korea’s (DPRK) offensive cyber capabilities requires more precision.

North Korea’s digital attack infrastructure operates under the Reconnaissance General Bureau (RGB), which houses several specialized hacking teams: AppleJeus, APT38, DangerousPassword, and TraderTraitor. Each group possesses distinct targeting methodologies and technical capabilities.

TraderTraitor stands out as the most advanced DPRK actor targeting the cryptocurrency sector. This group focuses on exchanges with substantial reserves and has successfully compromised Axie Infinity through elaborate fake job offers and manipulated WazirX through sophisticated techniques.

AppleJeus specializes in complex supply chain attacks, including the 3CX hack of 2023 that potentially affected 12 million users. Meanwhile, DangerousPassword conducts more basic social engineering operations through phishing emails and malicious messaging on platforms like Telegram.

Another significant subgroup, APT38, emerged from Lazarus in 2016 with a focus on financial crimes. Initially targeting traditional banking systems, this group later shifted its attention to cryptocurrency platforms as digital assets gained prominence.

The U.S. Office of Foreign Assets Control (OFAC) first referenced “North Korean IT workers” in 2018. By 2023, researchers identified two specific operations called “Contagious Interview” and “Wagemole,” where North Korean actors either pose as recruiters or attempt to infiltrate target companies as employees.

Despite the sophisticated nature of these threats, Samczsun offers some reassurance. While DPRK hackers possess zero-day attack capabilities, there have been “no recorded or known incidents” of such attacks being deployed directly against the cryptocurrency industry.

The researcher recommends that crypto companies implement fundamental security practices, including least privilege access protocols, two-factor authentication, and device segregation. In cases where preventive measures fail, organizations should establish connections with security groups like SEAL 911 and the FBI’s DPRK unit.

“DPRK hackers are an ever-growing threat against our industry, and we can’t defeat an enemy that we don’t know or understand,” Samczsun concluded, emphasizing the importance of awareness and preparation in confronting this persistent cybersecurity challenge.
