A staggering $1.46 billion in cryptocurrencies was stolen from Bybit, a Dubai-based exchange, on February 21, 2025. According to blockchain security firm Elliptic, the notorious North Korean hacking group, Lazarus, is responsible for the attack.
Experts believe the stolen assets are now being laundered through a complex web of transactions, with crypto mixers expected to play a key role in hiding the funds.
Biggest Crypto Heist in History
This Bybit hack is the largest crypto theft ever recorded, surpassing the $611 million stolen from Poly Network in 2021. The attack also surpasses the previous record for the biggest known theft of any kind—when Saddam Hussein took $1 billion from Iraq’s central bank in 2003.
Initial reports suggest that hackers used malware to trick Bybit into approving fraudulent transactions. The stolen funds were then moved to various wallets and quickly converted into Ether.
Security experts say the hackers acted within minutes of the breach, using decentralised exchanges (DEXs) to swap stolen tokens for blockchain-native assets like Ether, making them harder to freeze.
North Korea’s Lazarus Group Behind the Attack
Elliptic has attributed the attack to North Korea’s Lazarus Group. The group has stolen over $6 billion in cryptocurrencies since 2017, with much of the funds reportedly used to finance North Korea’s missile program.
The Lazarus Group is known for its sophisticated techniques in executing hacks and laundering stolen funds through thousands of transactions.
Experts tracking the Bybit funds say that within two hours of the theft, the assets were dispersed across 50 different wallets, each holding around 10,000 ETH. By February 23, at least $140 million had already been moved from these wallets through services like DEXs, cross-chain bridges, and centralized exchanges.
One particular exchange, eXch, has played a significant role in laundering these funds. eXch allows users to swap crypto anonymously and has been linked to multiple criminal activities in the past. Despite requests from Bybit, the exchange has refused to block transactions linked to the hack.
Also Read: Crypto Exchange Xeggex Locks Down Wallets After CEO’s Account Hacked, Users Panic
Rising Crypto Exchange Hacks
The Bybit attack is the latest in a growing wave of crypto exchange hacks. North Korean hackers have been increasingly targeting centralized exchanges, taking advantage of security gaps to steal billions in digital assets.
On January 23, 2025, Phemex, another crypto exchange, suffered a major breach, losing around $70 million. Security experts believe North Korean hackers may have been behind this attack as well. The funds stolen from Phemex were moved using similar laundering techniques, indicating a well-coordinated strategy by cyber criminals.
WazirX also faced a security breach in recent years. Although the losses were not as high as Bybit or Phemex, the incident highlighted the growing threat of crypto hacks. These attacks show a clear pattern—hackers exploit vulnerabilities, convert stolen assets into harder-to-trace cryptocurrencies, and then use mixers to further obscure the transaction trail.
5000 ETH from Bybit Hack Already Transferred Through Mixers
After the Bybit exchange attack, hackers from the Lazarus group allegedly started sending money to mixers.
It was reported that Lazarus recently began their usual intricate process to clean up the money by laundering 5,000 ETH from the Bybit $1.5 billion heist.
Laundering Through Mixers
Experts predict that the Bybit hackers will soon turn to crypto mixers to further hide the stolen funds. Mixers, such as Tornado Cash, work by pooling together multiple transactions and redistributing them in a way that makes tracing nearly impossible. However, due to the massive volume of stolen assets, laundering through mixers may be challenging.
Despite continuous efforts by security firms and law enforcement agencies to track and recover stolen funds, the Lazarus Group remains one step ahead. Their laundering process is constantly evolving, making it difficult to block or seize funds before they disappear.
Also Read: New Zealand’s Cryptopia Exchange Begins $225 Million User Repayment Plan After Hack