North Korea’s notorious hacking syndicate, Lazarus Group, has successfully laundered a significant portion of the $1.5 billion stolen in the recent Bybit hack by converting Ethereum (ETH) to Bitcoin (BTC). According to data from Arkham Intelligence, the group now holds 13,562 BTC, valued at approximately $1.12 billion.
Massive Crypto Theft and Conversion
The Bybit exchange suffered a major security breach on February 21, 2025, with over $1.5 billion in ETH stolen. Initially, the hackers transferred the stolen funds into multiple wallets to obscure their movements. However, fresh reports indicate that Lazarus has been using the THORChain protocol to bridge approximately $1.3 billion worth of ETH to BTC.
Obfuscating the Stolen Funds
In a bid to cover their tracks, Lazarus Group recently moved 400 ETH to Tornado Cash, a crypto-mixing service often used to hide the origins of digital assets. This move is part of a broader laundering strategy that has long been associated with North Korean cybercriminals.
FBI Confirms North Korea’s Involvement
The FBI has confirmed that the Bybit hack was orchestrated by the Lazarus Group, also known as TraderTraitor, a cybercriminal faction linked to the North Korean government. U.S. authorities warn that these stolen funds could be used to finance Pyongyang’s weapons programs, as North Korea has historically relied on cryptocurrency heists to bypass international sanctions.
Bybit’s Response and Global Crackdown
Bybit CEO Ben Zhou has acknowledged the hack and stated that the exchange is working with blockchain analytics firms to track the stolen funds. The exchange has also offered a $140 million bounty for any information leading to the recovery of the stolen assets. Meanwhile, authorities worldwide are closely monitoring the movement of the stolen funds in an attempt to freeze or recover them.
Conclusion
The Bybit hack underscores the growing threat of state-sponsored cybercrime, particularly in the cryptocurrency space. While authorities attempt to crack down on illicit crypto transactions, North Korea’s Lazarus Group continues to refine its laundering techniques, making asset recovery increasingly difficult. The incident serves as a stark reminder of the urgent need for stronger security protocols and enhanced global cooperation to combat such cyber threats.
