Unmasking the Shadows: The Mysterious Web Linking North Korea’s Lazarus Group to Record-Breaking Crypto Heists

Recent investigations have confirmed suspicions linking the North Korean cybercrime group Lazarus to significant cryptocurrency heists. New onchain evidence suggests Lazarus Group's involvement in both the recent $1.4 billion Bybit hack and the $29 million Phemex hack in January. Analysis by blockchain security experts Arkham Intelligence and ZachXBT highlighted the connections between these incidents and uncovered the transfer of funds from Bybit to hacker wallets associated with the Phemex incident.

The February 21 breach of Bybit, now the largest cryptocurrency theft to date, resulted in the theft of over $1.4 billion in liquid-staked Ether and other ERC-20 tokens. Similarly, the January Phemex hack saw $29 million siphoned through over 125 transactions across 11 blockchains before being converted to Ether using obfuscation methods such as Tornado Cash.

This wave of cyber-attacks, spearheaded by the Lazarus Group, aligns with patterns observed in past major heists such as the $230 million WazirX breach. According to Meir Dolev of Cyvers, the attackers exploited vulnerabilities in Ethereum multisig wallets, executing deceptive transactions to gain unauthorized access.

North Korean hackers have notoriously pilfered $1.34 billion in digital assets in 2024 alone, marking a 102% increase over the previous year. These actions prompted a joint advisory from the United States, Japan, and South Korea warning of the escalating threats posed by North Korean cybercriminals.

The Lazarus Group’s extensive involvement in some of the largest crypto thefts—alongside allegations of aiding North Korea’s nuclear pursuits—underscores the increasing sophistication and scale of their operations in the cybercrime landscape.