In a mind-boggling crypto heist that would make Ocean’s Eleven look like amateur hour, hackers swiped a staggering 401,346 Ethereum – worth $1.4 billion – from cryptocurrency exchange Bybit on February 21, 2025. The culprits? None other than North Korea’s infamous Lazarus Group, because apparently, launching missiles isn’t profitable enough anymore.
The attack was executed with surgical precision during what should have been a routine wallet transfer. The hackers compromised a Safe{Wallet} developer’s computer, sneakily altering the wallet’s front-end code. While Bybit’s signers thought they were approving a legitimate transaction, the malicious JavaScript underneath had other plans. Spoiler alert: those plans involved redirecting a mountain of ETH to the attackers’ address.
With surgical precision and compromised code, hackers turned a routine crypto transfer into history’s biggest digital heist.
By March 20, 2025, the thieves had been busy little bees, converting 86.29% of the stolen Ethereum to Bitcoin. The funds now sit scattered across roughly 4,400 addresses, like a digital version of hide-and-seek. About 10% of the assets have vanished into the ether (pun intended) through fees, freezes, and off-ramps. The group has begun funneling large portions through THORSwap protocol to further obscure the money trail. The massive movement of funds caused significant price slippage despite Ethereum’s typically high liquidity.
The FBI didn’t waste time pointing fingers. Along with multiple blockchain analysis companies, they confirmed what many suspected: the Lazarus Group, also known by their fancy aliases TraderTraitor, APT38, and BlueNoroff, was behind the largest cryptocurrency theft in history. The Internet Crime Complaint Center made it official with a PSA on February 26, 2025. Immediate security measures were implemented by the exchange to prevent further unauthorized access.
Bybit isn’t taking this lying down. They’ve launched a recovery bounty program and enlisted help from industry heavyweights like Chainalysis, Elliptic, and TRM Labs to track the stolen funds. These blockchain bloodhounds are monitoring nearly 90% of the misappropriated assets as they move through the crypto ecosystem.
Meanwhile, TraderTraitor continues their laundering spree, probably wondering how to spend their ill-gotten gains. But with the world’s top blockchain analysts watching their every move, they might find that stealing $1.4 billion was the easy part. Getting away with it? That’s another story entirely.
