North Korea's Lazarus Group is notorious for significant crypto thefts. The Bybit hack and other incidents highlight the scale of its operations.
Identification of the Lazarus Group
According to the U.S. Treasury, the Lazarus Group is controlled by the Reconnaissance General Bureau of North Korea. Three suspected hackers have been charged by the U.S. Department of Justice and are implicated in major cyber attacks, including the 2014 Sony hack and the 2016 Bangladesh Bank heist.
How Bybit's Largest Hack Occurred
On February 21, 2025, the Lazarus Group orchestrated a sophisticated phishing attack on Bybit, resulting in the theft of $1.4 billion. The hackers used a fake version of Bybit’s wallet management system to gain access to the exchange's assets.
Social Engineering and Other Operations
Using social engineering tactics such as fake job interviews and posing as venture capitalists, the Lazarus Group has amassed over $10 million in half a year. Additionally, hackers have infiltrated foreign companies using stolen profiles, creating a steady stream of illicit income.
Despite increased scrutiny from law enforcement and blockchain investigators, the Lazarus Group continues to adapt, refining its tactics to avoid detection and maintain its revenue streams.