North Korean hackers just pulled off the crypto heist of the century. In a mind-blowing digital smash-and-grab, the notorious Lazarus Group made off with $1.5 billion from the Bybit cryptocurrency exchange on February 21, 2025. That’s billion with a B. The theft, which targeted one of Bybit’s Ethereum cold wallets, makes the infamous 2021 Poly Network hack look like pocket change.
The attackers didn’t need fancy code exploits or breakthrough hacking tools. Nope. They just tricked human operators with a deceptive user interface that showed legitimate transaction details while secretly executing malicious smart contract logic. Classic social engineering, but with a high-tech twist. The signers thought they were approving routine transfers. Instead, they handed over the keys to approximately 400,000 ETH and stETH. Without a central authority to reverse the transactions, the stolen funds were irretrievably lost on the blockchain.
Old-school social engineering meets crypto: hackers fooled humans with fake transaction screens while smart contracts did the dirty work.
Multiple cybersecurity firms connected the dots back to North Korea’s Lazarus Group, with blockchain sleuth ZachXBT and Arkham Intelligence providing damning evidence. The investigators uncovered the scheme by tracking test transactions and wallet patterns that preceded the massive heist. These guys have apparently stolen over $6 billion in crypto since 2017, and they’re getting pretty good at it. The stolen assets are reportedly being used to fund North Korea’s ballistic missile program.
The fallout was brutal. Bybit, the world’s second-largest crypto exchange, watched helplessly as users yanked out $4 billion in a good old-fashioned bank run. Total outflows hit $5.5 billion when you count the stolen funds. CEO Ben Zhou had to hop on X for an emergency livestream, promising secured bridge loans to cover 80% of losses.
The thieves didn’t waste time moving the loot. They scattered the funds across more than 40 wallets, converted tokens to ETH through decentralized exchanges, and used cross-chain bridges to blur the trail. The eXch exchange apparently helped launder the funds, though they probably weren’t thrilled about the publicity.
This mess has the crypto world rethinking everything about cold wallet security and multisig systems. Turns out fancy tech doesn’t matter much when someone can just trick the humans running it. The industry’s having some uncomfortable conversations about security standards and regulation.
But hey, at least they’ve learned that user interfaces matter. A lot.