Lazarus Group’s 2024 pause was repositioning for $1.4B Bybit hack
North Korea-affiliated hackers may have scaled back their operations in the second half of 2024 while preparing for what became the largest crypto hack in history.
The crypto industry was rocked by the enormous hack on Feb. 21 when Bybit lost over $1.4 billion to the infamous North Korean Lazarus Group, which seems to have prepared the attack months in advance.
According to blockchain analytics firm Chainalysis, illicit activity tied to North Korean cyber actors sharply declined after July 1, 2024, despite a surge in attacks earlier that year.
The slowdown in crypto hacks by North Korean agents had raised significant red flags, according to Eric Jardine, Chainalysis cybercrimes research Lead.
North Korean hacking activity before and after July 1. Source: Chainalysis
North Korea’s slowdown “started when Russia and DPRK [North Korea] met for their summit that led to a reallocation of North Korean resources, including military personnel to the war in Ukraine,” Jardine told Cointelegraph during the Chainreaction show on March 26, adding:
“So, we speculated in the report that there might have been additional things unseen in terms of resources reallocation from the DPRK, and then you roll forward into early February, and you have the Bybit hack.”
— Cointelegraph (@Cointelegraph) March 26, 2025
“The slowdown that we observed could have been a regrouping to select new targets, probe infrastructure, or it could have been linked to those geopolitical events,” he added.
Related: Hyperliquid whale still holds 10% of JELLY memecoin after $6.2M exploit
It took the Lazarus Group 10 days to launder 100% of the stolen Bybit funds through the decentralized crosschain protocol THORChain, Cointelegraph reported on March 4.
Still, blockchain security experts were hopeful that a portion of the funds could be frozen and recovered by Bybit. As of March 20, over 80% of the stolen $1.4 billion was still traceable as blockchain investigators continue their efforts to freeze and recover the funds.
Related: Polymarket faces scrutiny over $7M Ukraine mineral deal bet
How hackers staged the world’s biggest crypto hack
The Bybit attack highlights that even centralized exchanges with strong security measures remain vulnerable to sophisticated cyberattacks, analysts said.
The attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack, according to Meir Dolev, co-founder and chief technical officer at Cyvers.
Dolev said the Ethereum multisig cold wallet was compromised through a deceptive transaction, tricking signers into unknowingly approving a malicious smart contract logic change.
“This allowed the hacker to gain control of the cold wallet and transfer all ETH to an unknown address,” Dolev told Cointelegraph.
North Korea hacking activity. Source: Chainalysis
Throughout 2024, North Korean hackers stole over $1.34 billion worth of digital assets across 47 incidents, a 102% increase from the $660 million stolen in 2023, according to Chainalysis data.
This accounted for 61% of the total crypto stolen in 2024.
Magazine: Memecoins are ded — But Solana ‘100x better’ despite revenue plunge
Bitcoin (BTC) $ 95,931.00
Ethereum (ETH) $ 1,838.65
Tether (USDT) $ 1.00
XRP (XRP) $ 2.20
BNB (BNB) $ 600.24
Solana (SOL) $ 146.84
USDC (USDC) $ 0.999993
Dogecoin (DOGE) $ 0.175891
Cardano (ADA) $ 0.704489
TRON (TRX) $ 0.246819
Lido Staked Ether (STETH) $ 1,837.86
Wrapped Bitcoin (WBTC) $ 95,900.00
Sui (SUI) $ 3.29
Chainlink (LINK) $ 14.26
Avalanche (AVAX) $ 20.50
Stellar (XLM) $ 0.270221
LEO Token (LEO) $ 8.95
USDS (USDS) $ 0.999956
Toncoin (TON) $ 3.09
Hedera (HBAR) $ 0.181415
Wrapped stETH (WSTETH) $ 2,208.28
Shiba Inu (SHIB) $ 0.000013
Bitcoin Cash (BCH) $ 363.61
Hyperliquid (HYPE) $ 20.96
Litecoin (LTC) $ 86.47
Polkadot (DOT) $ 4.02
WETH (WETH) $ 1,839.53
Binance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999929
Bitget Token (BGB) $ 4.38
Monero (XMR) $ 275.22
Ethena USDe (USDE) $ 1.00
WhiteBIT Coin (WBT) $ 28.81
Pi Network (PI) $ 0.587931
Wrapped eETH (WEETH) $ 1,961.01
Coinbase Wrapped BTC (CBBTC) $ 95,890.00
Pepe (PEPE) $ 0.000008
Dai (DAI) $ 0.999774
Aptos (APT) $ 5.18
sUSDS (SUSDS) $ 1.05
OKB (OKB) $ 51.32
Uniswap (UNI) $ 5.09
Bittensor (TAO) $ 349.46
NEAR Protocol (NEAR) $ 2.43
BlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
Ondo (ONDO) $ 0.875793
Aave (AAVE) $ 177.33
Gate (GT) $ 21.70
Ethereum Classic (ETC) $ 16.65
Internet Computer (ICP) $ 4.72
Kaspa (KAS) $ 0.094859
Mantle (MNT) $ 0.731150
Cronos (CRO) $ 0.089368
Tokenize Xchange (TKX) $ 30.54
Render (RENDER) $ 4.57
Official Trump (TRUMP) $ 11.23
VeChain (VET) $ 0.026033
USD1 (USD1) $ 1.00
Ethena Staked USDe (SUSDE) $ 1.17
POL (ex-MATIC) (POL) $ 0.230008
Lombard Staked BTC (LBTC) $ 95,812.00
Cosmos Hub (ATOM) $ 4.22
Fasttoken (FTN) $ 4.29
Artificial Superintelligence Alliance (FET) $ 0.686633
Algorand (ALGO) $ 0.206870
Filecoin (FIL) $ 2.65
Sonic (prev. FTM) (S) $ 0.548108
Ethena (ENA) $ 0.291051
Jupiter Perpetuals Liquidity Provider Token (JLP) $ 4.11
Celestia (TIA) $ 2.45
Arbitrum (ARB) $ 0.319685
Solv Protocol SolvBTC (SOLVBTC) $ 95,831.00
First Digital USD (FDUSD) $ 0.998439
KuCoin (KCS) $ 10.73
Maker (MKR) $ 1,512.72
Bonk (BONK) $ 0.000016
Worldcoin (WLD) $ 0.948348
NEXO (NEXO) $ 1.25
Jupiter (JUP) $ 0.430643
Quant (QNT) $ 85.60
Binance Staked SOL (BNSOL) $ 153.98
Flare (FLR) $ 0.018909
Stacks (STX) $ 0.772561
XDC Network (XDC) $ 0.073620
Optimism (OP) $ 0.679649
Binance-Peg WETH (WETH) $ 1,839.13
Virtuals Protocol (VIRTUAL) $ 1.69
Fartcoin (FARTCOIN) $ 1.09
EOS (EOS) $ 0.716763
Sei (SEI) $ 0.207239
Kelp DAO Restaked ETH (RSETH) $ 1,914.24
Immutable (IMX) $ 0.567230
USDT0 (USDT0) $ 1.00
Story (IP) $ 3.70
Injective (INJ) $ 9.65
PayPal USD (PYUSD) $ 0.999276
Curve DAO (CRV) $ 0.697151
Binance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999759
The Graph (GRT) $ 0.093001
Wrapped BNB (WBNB) $ 600.10
Rocket Pool ETH (RETH) $ 2,086.18
