North Korean Cyber Heist on Crypto Currency Exchanges

The crypto currency exchange ByBit, which is based in Dubai, was hacked by the North Korean threat actor sometimes known as “Lazarus”. According to several sources, the hackers managed to steal a record-breaking $1.4 billion in Ethereum crypto currency. The same threat actor also managed to hack another crypto exchange, Phemex, in January 2025.

Insight

The term “Lazarus” covers several threat actors that have in common that they are part of North Korea’s military intelligence agency, the Reconnaissance General Bureau (RGB). The RGB is known to engage in cybercrime to fund its own espionage activities and North Korea’s military research, for example the country’s development of weapons of mass destruction. Researchers also claim that the ByBit threat actor managed to hack the personal laptops of individuals involved in signing transactions and manipulate them into validating fraudulent transfers. It’s believed that ByBit was used by many Russian actors, including some ransomware groups, who may have lost their funds in this attack, although so far ByBit officially claims that all losses will be reimbursed.

Assessment

Crypto currency exchanges are a major target for North Korean state-sponsored cybercrime and espionage groups. North Korean threat actors have proven to be patient and skilled in social engineering. They can sit on stolen funds for years and carefully redistribute them into the market. The lack of regulation of the international crypto currency market makes crypto currency exchanges a much more tempting target for cybercriminals than traditional banks, where regulation can allow the roll-back of large fraudulent transfers.

References

[1] https://cointelegraph.com/news/bybit-exchange-hacked
[2] https://x.com/arkham/status/1893033424224411885
[3] https://www.coindesk.com/business/2025/01/23/crypto-exchange-phemex-investigating-hack-reports-as-usd29m-drained-from-hot-wallets