North Korean hackers linked to $1.5 billion ByBit crypto heist

Since the attack, crypto fraud investigator ZachXBT has discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent stolen Bybit funds to an Ethereum address previously used in last month's Phemex hack. In what is now considered the largest crypto heist in history, the attackers intercepted a planned transfer of funds from one of Bybit's cold wallets into a hot wallet, redirecting the crypto assets to a blockchain address under their control. Over the weekend, blockchain security companies and experts have linked North Korea's Lazarus hacking group to the theft of over $1.5 billion from cryptocurrency exchange Bybit. Blockchain analysis company Elliptic said the Lazarus hackers have already moved the stolen funds through large numbers of cryptocurrency wallets to conceal the assets' actual origin and slow down tracing attempts. ZachXBT also claimed the Lazarus hackers are laundering ETH stolen from Bybit Hack using eXch (a centralized mixer) and bridging funds to Bitcoin via Chainflip. "Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain commingling funds from the intial theft address for both incidents," ZachXBT said. The researcher also said the threat actors launched and traded Pump Fun meme coins to launder the stolen cryptocurrency, with funds from the Bybit hack reaching more than 920 blockchain addresses. "The eXch team accidentally sent 34 ETH ($96K) to the hot wallet of another exchange after laundering $35M+ for Lazarus Group from the Bybit hack today," they said. "One exchange in particular, eXch appears to have knowingly laundered tens of millions of dollars worth of the stolen assets, despite calls from Bybit to halt this," Elliptic co-founder and chief scientist Tom Robinson told BleepingComputer. In December, blockchain analysis company Chainalysis said North Korean hackers stole $1.34 billion in 47 crypto heists in 2024, breaking their previous record of $1.1 billion from 2022.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 24 Feb 2025 16:25:23 +0000

Cyber News related to North Korean hackers linked to $1.5 billion ByBit crypto heist

North Korean hackers linked to $1.5 billion ByBit crypto heist - Since the attack, crypto fraud investigator ZachXBT has discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent stolen Bybit funds to an Ethereum address previously ...
4 hours ago Bleepingcomputer.com

North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com

North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
8 months ago Microsoft.com

North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
1 year ago Infosecurity-magazine.com

North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
2 years ago Thehackernews.com

Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com

Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News - The cryptocurrency exchange Bybit was hacked for more than $1.4 billion worth of Ethereum on Friday in what cybersecurity experts are calling the largest-ever theft targeting a cryptocurrency platform. Zhou speculated that the source of the ...
3 days ago Therecord.media

US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com

US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
1 year ago Bleepingcomputer.com

Hacker steals over $1.46 billion of crypto from Bybit ETH cold wallet - "Please rest assured that all other cold wallets are secure. I will keep you guys posted as more develops, If any team can help us to track the stolen fund will be appreciated," Bybit's CEO added. Bybit says all other cold wallets are fully ...
3 days ago Bleepingcomputer.com

FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
2 years ago Bleepingcomputer.com

The past year was the most detrimental for digital currency security breaches, with North Korean organizations profiting. - In 2022, cyberattacks on cryptocurrency platforms resulted in the theft of almost $4 billion, with a large portion of the activity being attributed to hackers working on behalf of the North Korean government. According to blockchain research firm ...
2 years ago Therecord.media

Hacker steals record $1.46 billion from Bybit ETH cold wallet - "Please rest assured that all other cold wallets are secure. I will keep you guys posted as more develops, If any team can help us to track the stolen fund will be appreciated," Bybit's CEO added. Bybit says all other cold wallets are fully ...
3 days ago Bleepingcomputer.com

macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com

North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
5 days ago Darkreading.com

Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
1 year ago Bleepingcomputer.com

Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
2 years ago Securityweek.com

Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
9 months ago Securityweek.com

North Korean Hackers Attacked Indian Medical and Energy Companies - The North Korean military's notorious hacking arm, known as the Lazarus Group, has been accused of targeting public and private sector research organizations, an Indian medical research company, and other businesses in the energy sector. Security ...
2 years ago Therecord.media

Microsoft links North Korean hackers to new FakePenny ransomware - Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. While this threat group's tactics, techniques, and procedures largely overlapped ...
8 months ago Bleepingcomputer.com

North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report - North Korean threat actors are believed to have stolen more than $3 billion in cryptocurrency to date, according to a report from threat intelligence firm Recorded Future. Collectively tracked as the Lazarus Group, the North Korean hackers specialize ...
1 year ago Securityweek.com

Microsoft: Lazarus hackers breach CyberLink in supply chain attack - Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft ...
1 year ago Bleepingcomputer.com

Lazarus Group hackers appear to return to Tornado Cash for money laundering - North Korea's Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November. Investigators at blockchain research company Elliptic said on Friday that in the last day they had ...
11 months ago Therecord.media

North Korean hackers linked to defense sector supply-chain attack - In an advisory today Germany's federal intelligence agency and South Korea's National Intelligence Service warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. The attacks aim to ...
1 year ago Bleepingcomputer.com

Latest Cyber News

Russia warns financial sector of major IT service provider hack - 12 minutes ago
Microsoft launches ad-supported Office apps for Windows users - 1 hour ago
Australia bans all Kaspersky products on government systems - 2 hours ago
Botnet targets Basic Auth in Microsoft 365 password spray attacks - 3 hours ago
Threat Actors Stealing Users Browser Fingerprints To Bypass Security Measures & Impersonate Users - 3 hours ago
Australia Prohibits Kaspersky Software in Government Networks Over Major Security Concerns - 4 hours ago
North Korean hackers linked to $1.5 billion ByBit crypto heist - 4 hours ago
Exploits for unpatched Parallels Desktop flaw give root on Macs - 5 hours ago
SafeLine WAF vs CloudFlare: Which One Should You Choose? - 5 hours ago
Android App on Google Play Attacking Indian Users To Steal Login Credentials - 5 hours ago
BIG SHARK Android RAT Cracked & Leaked from Chinese Market - 6 hours ago
Vulnerability in Internet-Connected Smart Beds Let Attackers Access Other Devices in Network - 6 hours ago
Apple has Discontinued its Advanced Data Protection (ADP) Feature for UK Users - 6 hours ago
Chinese Hackers Attacking Industrial Organizations With Sophisticated FatalRAT - 8 hours ago
Stablecoin Bank Hacked - Hackers Stolen $49.5M in Attack - 8 hours ago
New ChatGPT's Premium Features Subscription Phishing Attack Steal Logins - 8 hours ago
Wireshark 4.4.4 Released With Fix for Vulnerability That Triggers DoS Attack - 12 hours ago
Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware - 12 hours ago
Parallels Desktop 0-Day Vulnerability Gain Root Privileges - PoC Released - 13 hours ago
DeepSeek Unveils FlashMLA, A Decoding Kernel That’s Make Things Blazingly Fast - 13 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
Kimsuky - 1 year ago
23andMe - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Russia warns financial sector of major IT service provider hack - 12 minutes ago
Microsoft launches ad-supported Office apps for Windows users - 1 hour ago
Australia bans all Kaspersky products on government systems - 2 hours ago
Botnet targets Basic Auth in Microsoft 365 password spray attacks - 3 hours ago
Threat Actors Stealing Users Browser Fingerprints To Bypass Security Measures & Impersonate Users - 3 hours ago
Australia Prohibits Kaspersky Software in Government Networks Over Major Security Concerns - 4 hours ago
North Korean hackers linked to $1.5 billion ByBit crypto heist - 4 hours ago
Exploits for unpatched Parallels Desktop flaw give root on Macs - 5 hours ago
SafeLine WAF vs CloudFlare: Which One Should You Choose? - 5 hours ago
Android App on Google Play Attacking Indian Users To Steal Login Credentials - 5 hours ago
BIG SHARK Android RAT Cracked & Leaked from Chinese Market - 6 hours ago
Vulnerability in Internet-Connected Smart Beds Let Attackers Access Other Devices in Network - 6 hours ago
Apple has Discontinued its Advanced Data Protection (ADP) Feature for UK Users - 6 hours ago
Chinese Hackers Attacking Industrial Organizations With Sophisticated FatalRAT - 8 hours ago
Stablecoin Bank Hacked - Hackers Stolen $49.5M in Attack - 8 hours ago
New ChatGPT's Premium Features Subscription Phishing Attack Steal Logins - 8 hours ago
Wireshark 4.4.4 Released With Fix for Vulnerability That Triggers DoS Attack - 12 hours ago
Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware - 12 hours ago
Parallels Desktop 0-Day Vulnerability Gain Root Privileges - PoC Released - 13 hours ago
DeepSeek Unveils FlashMLA, A Decoding Kernel That’s Make Things Blazingly Fast - 13 hours ago