
North Korea’s Lazarus Group Linked To Bybit And Phemex Hacks

Sat 22 Feb 2025 ▪ 4 min read ▪ by Mikaia A.

The stories of hacks are resurfacing in the crypto universe, and guess who is back in the spotlight? The infamous North Korean hacker group Lazarus Group. This time, it’s Bybit that is bearing the brunt, with a historic heist of $1.4 billion. Even worse, investigations reveal troubling connections between this attack and the one that struck Phemex last January. The affair has taken on an international dimension and leaves investors in shock.


Bybit Affair: Stolen Crypto Funds Traveling from One Hack to Another

Investigations conducted by Arkham Intelligence and on-chain detective ZachXBT show an undeniable fact: the same wallets are involved in the hacks of Bybit and Phemex. In summary, the hackers consolidated their loot in the same place before embarking on their usual money laundering operation.

ZachXBT even shared an alert on X:

Lazarus Group has just linked the hack of Bybit to that of Phemex directly on-chain by mixing the funds from both attacks in a common address.

The numbers are staggering:

  • $1.4 billion stolen from Bybit, which is 70% of its ETH reserves;
  • $29 million taken from Phemex;
  • 125 suspicious transactions recorded;
  • 11 different blockchains involved.
Linking the hacks of Bybit and Phemex – Source: Arkham
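
The on-chain link described above comes down to finding an address that receives funds traceable to both thefts. The sketch below is an added example, not Arkham's or ZachXBT's tooling: every address and transfer in it is a constructed placeholder, and it ignores amounts, timing and mixers, which real tracing has to account for.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, receiver). Placeholder names, not real on-chain data.
TRANSFERS = [
    ("bybit_theft_wallet", "hop_a1"),
    ("hop_a1", "hop_a2"),
    ("hop_a2", "common_addr"),
    ("phemex_theft_wallet", "hop_b1"),
    ("hop_b1", "common_addr"),
    ("hop_b1", "hop_b2"),
    ("common_addr", "laundering_out"),
    ("unrelated_user", "unrelated_shop"),
]

def downstream(transfers, seeds, max_hops=10):
    """Breadth-first walk: every address reachable from the seed wallets, with hop count."""
    graph = defaultdict(set)
    for src, dst in transfers:
        graph[src].add(dst)
    seen = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if seen[addr] >= max_hops:
            continue
        for nxt in graph[addr]:
            if nxt not in seen:
                seen[nxt] = seen[addr] + 1
                queue.append(nxt)
    return seen

def commingling_points(transfers, seeds_a, seeds_b):
    """Addresses where funds from incident A and incident B first merge."""
    a = downstream(transfers, seeds_a)
    b = downstream(transfers, seeds_b)
    inbound = defaultdict(set)
    for src, dst in transfers:
        inbound[dst].add(src)
    points = []
    for addr in sorted(set(a) & set(b)):
        senders = inbound[addr]
        # A merge point has one sender tainted only by A and another tainted only by B.
        only_a = any(s in a and s not in b for s in senders)
        only_b = any(s in b and s not in a for s in senders)
        if only_a and only_b:
            points.append(addr)
    return points

if __name__ == "__main__":
    print(commingling_points(TRANSFERS, ["bybit_theft_wallet"], ["phemex_theft_wallet"]))
```

Addresses further downstream of the merge point are tainted by both incidents as well, but they are not reported because they only inherit the link rather than create it.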

How do hackers manage to make these digital assets disappear? They use crypto mixers like Tornado Cash, making the funds nearly untraceable. Bybit has thus become the latest episode in a long series of heists orchestrated by North Korean hackers.

Lazarus Group: A Track Record of Cyberattacks That Worries the Industry

Lazarus Group is not new to this game. The group is already responsible for some of the largest crypto thefts in history, such as the hack of the Ronin network ($600 million) or that of WazirX ($230 million). In 2024, North Korean hackers reportedly stole $1.34 billion in digital assets, a 102% increase compared to 2023.

The threat is so serious that the American, Japanese, and South Korean governments have issued a joint warning.

How does Lazarus operate? By exploiting the cybersecurity flaws of crypto exchange platforms.

In the case of Bybit, the attack relies on a diabolical scheme: a fake smart contract that deceived the signers and compromised a multi-signature Ethereum (ETH) wallet.

It seems that hackers have more imagination than Hollywood!

With such a track record, one question remains: who will be the next victim of this elusive gang? And above all, can crypto exchanges still ensure the safety of their users in the face of these increasingly sophisticated attacks?

The CEO of Bybit assures that client funds are safe, but it is hard to forget the scale of the disaster. With $1.4 billion stolen, this hack goes down in history and reinforces Lazarus Group’s position as public enemy number one in the digital space.

Mikaia A.

The blockchain and crypto revolution is underway! And the day its impacts are felt on the most vulnerable economy in this world, against all hope, I will say that I had something to do with it.

DISCLAIMER

The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.