A significant security breach that led to the theft of approximately $1.5 billion (£1.1 billion) worth of cryptocurrency has been linked to a cybercrime group from North Korea, according to experts. The Dubai-based cryptocurrency exchange, Bybit, was targeted on February 21st, with malware being used to authorize transactions that transferred the funds to the perpetrators.
Elliptic, a British blockchain analytics firm, has attributed the breach to North Korea’s Lazarus Group, based on various factors, including the method used to launder the cryptocurrency assets. Elliptic claims that hackers linked to North Korea have stolen over $6 billion (£4.7 billion) in cryptocurrency assets since 2017, with the stolen funds reportedly being used to fund the country’s ballistic missile program.
Bybit’s CEO, Ben Zhou, has stated that the firm is solvent and can cover the loss; however, the exchange has only managed to trace a small fraction of the stolen assets.
Bybit has now offered a $140 million (£100 million) ‘bounty’ to incentivize the tracing and freezing of the stolen cryptocurrency, with the reward to be shared between those who successfully freeze the assets and those who help track them.
The prices of Bitcoin and other cryptocurrencies have declined sharply following the hack, erasing some of the gains made since Donald Trump took office with a pro-crypto agenda. Despite this drop, Bitcoin has still seen a significant increase since Mr. Trump’s election victory last year.
According to Chainalysis, a blockchain analysis firm, theft of cryptocurrency assets peaked in 2022 with $3.7 billion (£2.9 billion) stolen, falling to $1.8 billion (£1.4 billion) in 2023, and $2.2 billion (£1.7 billion) in 2024, with the number of hacking incidents on the rise.
North Korea-linked hacking organizations, such as Kimsuky and Lazarus Group, have been identified as responsible for a substantial proportion of all hacks in 2024, with North Korean groups reportedly stealing approximately $660 million (£521 million) across 20 incidents in 2023, rising to $1.34 billion (£1 billion) across 47 incidents in the following year.
Chainalysis describes North Korea as "notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions." However, North Korea consistently denies any involvement in cyber hacking or crypto thefts.
Here is a list of the largest cryptocurrency hacks prior to Bybit being targeted, according to Chainalysis:
- $625 million Ronin Network: In March 2022, Lazarus Group reportedly targeted the network that supports the popular Axie Infinity blockchain gaming platform.
- $611 million Poly Network: In August 2021, a lone hacker exploited a vulnerability in the decentralized finance platform Poly Network.
- $569 million Binance BNB Bridge: In October 2022, the Binance exchange was hacked, with hackers exploiting the cross-chain bridge, BSC Token Hub.
- $532 million Coincheck: In January 2018, the Japanese cryptocurrency exchange Coincheck suffered a theft of NEM coins.
- $477 million FTX: In November 2022, thieves stole from FTX’s cryptocurrency wallets after gaining access to an FTX employee’s accounts.
- $473 million Mt Gox: One of the first major cryptocurrency hacks occurred in 2011 when the cryptocurrency exchange Mt Gox was targeted, resulting in the loss of 25,000 Bitcoin.