From Sony to Bybit: How the Lazarus Group Became the World’s Most Dangerous Crypto Hacker

Bnews editor
08 Mar 2025 10:52:20 AM

On February 21, Bybit’s Ethereum cold wallet was hacked, resulting in the theft of $1.46 billion linked to the North Korean state-backed Lazarus Group, further fueling the group’s multi-billion-dollar crypto crime spree.

On February 21, Bybit’s Ethereum cold wallet was hacked, resulting in the theft of $1.46 billion. The attack is one of the largest cryptocurrency heists in history. The hackers used a “shielded” transaction method and a fake Safe wallet interface to trick Bybit’s security team into approving malicious transactions.

The FBI attributed the attack to the Lazarus Group. In response, Bybit co-founder and CEO Ben Zhou declared war on North Korean hackers.
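A spoofed signing interface works because the approvers trust what the web page renders rather than what they are actually signing. The standard defence is to recompute the multisig transaction hash from the raw transaction fields on an independent path and compare it with the hash displayed by the signing device, and to apply policy checks to those raw fields rather than to a UI summary. The script below is an added illustration of that practice; it is not Bybit's or Safe's code. It assumes the EIP-712 type strings published in Safe's contracts (v1.3.0 and later), carries its own pure-Python keccak-256 so it runs offline, and uses constructed addresses and values throughout.

```python
"""Recompute a Safe multisig transaction hash from its raw fields so a signer can
check it against the hash shown on the signing device, instead of trusting the
summary rendered by a (possibly spoofed) web interface. Added illustration; the
type strings follow Safe's published contracts, all sample data is constructed."""

MASK = (1 << 64) - 1

def _round_constants():
    # Keccak-f[1600] iota constants, generated from the LFSR given in the Keccak spec
    r, out = 1, []
    for _ in range(24):
        rc = 0
        for j in range(7):
            r = ((r << 1) ^ ((r >> 7) * 0x71)) & 0xFF
            if r & 2:
                rc ^= 1 << ((1 << j) - 1)
        out.append(rc)
    return out

RC = _round_constants()

def _rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK if n else v

def _keccak_f1600(a):
    # 25 little-endian 64-bit lanes; lane (x, y) lives at index x + 5*y
    for rc in RC:
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]                       # theta
        b = [0] * 25
        b[0] = a[0]
        x, y = 1, 0
        for t in range(24):                                              # rho + pi
            nx, ny = y, (2 * x + 3 * y) % 5
            b[nx + 5 * ny] = _rol(a[x + 5 * y], (t + 1) * (t + 2) // 2)
            x, y = nx, ny
        a = [b[i] ^ ((b[(i + 1) % 5 + 5 * (i // 5)] ^ MASK) & b[(i + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]                                         # chi
        a[0] ^= rc                                                       # iota
    return a

def keccak256(data: bytes) -> bytes:
    rate = 136                                     # 1088-bit rate, 512-bit capacity
    buf = bytearray(data) + b"\x01"                # original Keccak padding (SHA-3 uses 0x06)
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    state = [0] * 25
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            state[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        state = _keccak_f1600(state)
    return b"".join(lane.to_bytes(8, "little") for lane in state[:4])

def _u256(v: int) -> bytes:
    return v.to_bytes(32, "big")

def _addr(a: str) -> bytes:
    return bytes.fromhex(a[2:]).rjust(32, b"\x00")   # abi.encode left-pads addresses

DOMAIN_TYPEHASH = keccak256(b"EIP712Domain(uint256 chainId,address verifyingContract)")
SAFE_TX_TYPEHASH = keccak256(
    b"SafeTx(address to,uint256 value,bytes data,uint8 operation,uint256 safeTxGas,"
    b"uint256 baseGas,uint256 gasPrice,address gasToken,address refundReceiver,uint256 nonce)")

def safe_tx_hash(chain_id: int, safe_address: str, tx: dict) -> bytes:
    # Same layout as Safe's encodeTransactionData(): keccak256(0x19 0x01 || domain || struct)
    domain = keccak256(DOMAIN_TYPEHASH + _u256(chain_id) + _addr(safe_address))
    struct = keccak256(
        SAFE_TX_TYPEHASH + _addr(tx["to"]) + _u256(tx["value"]) + keccak256(tx["data"])
        + _u256(tx["operation"]) + _u256(tx["safeTxGas"]) + _u256(tx["baseGas"])
        + _u256(tx["gasPrice"]) + _addr(tx["gasToken"]) + _addr(tx["refundReceiver"])
        + _u256(tx["nonce"]))
    return keccak256(b"\x19\x01" + domain + struct)

def review(tx: dict, allowed_targets) -> list:
    """Policy checks applied to the raw fields, independent of any UI rendering."""
    problems = []
    if tx["operation"] != 0:   # 0 = CALL; 1 = DELEGATECALL executes in the Safe's own context
        problems.append("operation is not CALL")
    if tx["to"].lower() not in {a.lower() for a in allowed_targets}:
        problems.append("target address is not on the allowlist")
    return problems

# Constructed sample: a 1-token ERC-20 transfer(address,uint256) from a Safe on chain id 1
SAMPLE_SAFE = "0x" + "11" * 20
SAMPLE_TX = {
    "to": "0x" + "22" * 20, "value": 0,
    "data": bytes.fromhex("a9059cbb") + _addr("0x" + "33" * 20) + _u256(10**18),
    "operation": 0, "safeTxGas": 0, "baseGas": 0, "gasPrice": 0,
    "gasToken": "0x" + "00" * 20, "refundReceiver": "0x" + "00" * 20, "nonce": 7,
}

if __name__ == "__main__":
    print("hash to compare on the signing device:", safe_tx_hash(1, SAMPLE_SAFE, SAMPLE_TX).hex())
    print("policy:", review(SAMPLE_TX, [SAMPLE_TX["to"]]) or "ok")
```

The raw fields fed to `safe_tx_hash` and `review` must come from a source the web front end cannot influence (the transaction as proposed to the Safe transaction service, or the fields read off the signing device itself); if the hash printed here does not match the one on the device, or `review` returns any problem, the approver declines to sign. Any change to the target, the calldata, or the operation type produces a different hash, which is exactly what a spoofed interface has to hide.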

Who is the Lazarus Group?

The Lazarus Group is a North Korean government-backed hacker group that was founded around 2009. Also known as Hidden Cobra, Zinc, Diamond Sleet, or Peacekeepers, its size and structure remain unknown.

According to US law enforcement, the group is led by Park Jin Hyok, a North Korean national who worked as a software developer in China before returning to North Korea in 2011. The FBI describes him as one of the culprits behind some of the most destructive cyber intrusions in history.

"Park Jin Hyok is alleged to be a government-sponsored North Korean computer programmer who participated in an alleged criminal conspiracy and caused the most severe computer intrusions in history. These intrusions caused damage to numerous victims' computer systems and stole their currency and virtual currencies."

The first confirmed attacks by the Lazarus Group date back to 2009, initially targeting South Korean government resources. Over the years, their operations have expanded across the globe.

State ties and international reach

It is widely believed that the Lazarus Group operates under the control of the North Korean government. Only a small number of North Koreans have access to the open internet, and most people can only use censored state-controlled networks, so such large-scale cyber operations are impossible without state approval.

However, researchers at the NCC Group believe that many North Korean hackers operate outside of North Korea. The FBI has confirmed that members of the group are located in China and other countries.

Earlier high-profile attacks

Sony Pictures hack (2014): Lazarus Group shut down Sony Pictures Entertainment and displayed death threats on employees' screens. Hackers also compromised the personal data of 7,000 employees. The attack was widely believed to be a retaliation for the release of the satirical film "The Interview," which depicts an attempt to assassinate Kim Jong-un. Sony ultimately canceled the film's release.

Bangladesh Central Bank heist (2016): Hackers used the SWIFT network to steal $81 million from Bangladesh Bank's account at the Federal Reserve Bank of New York.

WannaCry ransomware (2017): The group infected more than 300,000 computers worldwide, demanding a ransom of $300 in Bitcoin from victims, which included hospitals in Europe, Renault, and Nissan.

Cryptocurrency thefts: Billions stolen

The Lazarus Group has been heavily involved in cryptocurrency thefts since 2017, targeting centralized exchanges, DeFi platforms, and bridges.

2017-2018: Stole $882 million from 14 cryptocurrency exchanges.

2022: Hacked Ronin sidechain, stole $620 million from Axie Infinity players.

2022: Attacked Harmony's Horizon Bridge and Atomic Wallet, took $200 million.

2017-2022: Total estimated cryptocurrency thefts: $3 billion.

2023: At least $600 million stolen according to TRM Labs.

2024: $1.34 billion stolen in cryptocurrency according to Chainalysis.

2025: Bybit hack cost at least $1.46 billion.

Where did the money go?

The United Nations has previously reported that North Korea uses stolen cryptocurrency to fund its nuclear and missile programs, although direct evidence remains scarce.

Regardless of the end use, the actions of the Lazarus Group have damaged the reputation of the entire cryptocurrency industry. The Bybit hack is yet another reminder that even large exchanges with advanced security infrastructure are still vulnerable to attacks by state-sponsored cybercriminals.