Analysts alarmed as North Korean hackers bypass ‘most secure’ crypto tech to swindle record $1.5 billion


Cryptocurrency researchers and analysts expressed alarm after North Korean hackers from the Lazarus Group managed to steal almost $1.5 billion from crypto exchange Bybit last Friday.

A price chart on the Bybit website for the cryptocurrency Ethereum is seen on a computer screen in New York on Friday evening, Feb. 21, 2025.(AP)

The attack was the biggest ever by some margin and managed to bypass a security mechanism considered the safest yet by the industry. Prices of Ether, Bitcoin and other cryptocurrencies slumped after the attack, as did shares of Coinbase Inc., the biggest listed exchange, Bloomberg reported.

The group, which the US FBI believes to have the backing of North Korea’s Kim Jong-Un regime, attacked the so-called “cold” crypto storage wallet, which was considered to be almost impervious to cyber-attacks. The wallet, which is mostly kept isolated from online networks, stores the private keys needed to access funds.


How did the hack unfold?

Such wallets are also called multi-signature wallets and are widely used by crypto exchanges, Bloomberg reported. Multiple people are required to authorise each transaction by entering their signatures to approve moving funds.

In the Bybit hack, the hackers targeted the computer of an employee at Safe Wallet, Bybit’s crypto wallet provider. They tricked the signers by presenting false information through malicious code, making the automated systems believe that they were approving a legitimate transaction, the report noted.

Shahar Madar, vice president of security and trust at custody solutions provider Fireblocks, told Bloomberg that the attack was a form of ambush. “It was piggybacking on an existing flow,” he added.

Alarming speed

Analysts were also alarmed by the speed at which the hackers gamed the system and siphoned off funds. Crypto funds from Bybit were laundered using decentralized exchanges and converted to other forms of cryptocurrencies.

Dan Hughes, founder of Radix blockchain, told Bloomberg that multi-signature wallets had provided signers with a false sense of security. “I’m really coming up blank on how exchanges are going to properly be able to defend against this and make sure that the tool chains that are used and the people who are on the multi-sigs aren’t compromised socially or physically,” Hughes said.


Bybit recovers just 3%

Bybit Chief Operating Officer Helen Liu was informed about the hack when she was preparing to have dinner with her parents in Dubai. Liu was forced to work through the night and the company’s wallet technology engineers “didn’t sleep for two or three days,” as the company scrambled to stem the outflow of funds by investors.

The exchange was forced to use its own funds to replace about 515,000 stolen tokens and to borrow from other platforms. “Bybit has successfully restored 77% of its Assets Under Management (AUM) to pre-incident levels,” the company said on Thursday.

According to DefiLlama, the company’s clients withdrew almost $4 billion within two days of the attack. Bybit managed to recover just $43 million, or 3% of the total stolen crypto assets.

Funds weapons programme

Crypto thefts linked to North Korean hackers doubled last year to $1.34 billion. According to research by Chainalysis, this accounted for about 60% of the value of global crypto attacks last year. The hackers have managed to surpass their previous record in just one attack on Bybit in early 2025.

According to the US, the Lazarus Group of hackers is controlled by one of North Korea’s primary intelligence agencies, the Reconnaissance General Bureau. Western governments, including the US, believe that funds stolen from such attacks are meant for expanding the Kim Jong-Un regime’s nuclear weapons programme.

Analysts also said guarding against state-sponsored attacks will require companies to spend more on cyber security, implement more stringent regulations and increase coordination with and between governments.

Targeted India as well

North Korean hackers have begun attacking centralised crypto exchanges in recent years, the report said. The group is believed to have hacked Japan’s DMM Bitcoin and India’s WazirX in 2024. The Indian company, which was the country’s biggest crypto exchange at one point, was forced to apply for restructuring after the attack.


