North Korean badasses have stolen $2.5 billion in the largest crypto theft ever. Who is ByBit? How good are North Korean hackers? And how do you make $2.5 billion of e-coins just disappear? All in this week’s NerdNews.

On 21 February 2025, Bybit, a Dubai-based cryptocurrency exchange, suffered a staggering blow: hackers stole approximately USD $1.5 billion (about AUD $2.5 billion!) worth of Ethereum (ETH) and related tokens from one of its cold wallets. This isn’t just any crypto heist - it’s being called the largest cryptocurrency theft in history, sending shockwaves through the digital finance world. But what does this mean for the average person, and how did it happen? Let’s break it down.
Where was the moolah and how did they do it?
Bybit, like other crypto exchanges, uses “cold wallets” to store digital assets offline, in theory away from internet hackers. Think of it as a locked safe in a vault, kept away from the actual bank, designed to be both impenetrable and hidden at a good distance from where robbers go looking for loot.
Reports suggest the hackers exploited a vulnerability in Bybit’s Ethereum cold wallet, possibly spoofing the user interface or tricking the exchange’s multi-signature system into approving a malicious transaction. This allowed them to transfer the funds to an unidentified address. Bybit’s CEO, Ben Zhou, confirmed the breach, clarifying that only one Ethereum wallet was hit, while other wallets remained secure.
In plain English please, Adam... Imagine cunning burglars tricking a bank employee into opening a remote safe by forging a manager’s signature or fooling a facial recognition camera - a sneaky manipulation as opposed to a violent smash-and-grab.
So who are the bad guys?
Blockchain security firms like Arkham Intelligence, Elliptic, and analyst ZachXBT believe the culprits are linked to North Korea’s Lazarus Group; legendary cyber badasses, known for stealing crypto to fund the repressive regime. The funds seem to have left Bybit and flowed to several wallets used in previous North Korean hacks. As international sanctions have bitten hard on Kim Jong Un’s fiefdom, the UN has identified the rogue state as being behind around 60 international crypto heists.
Will world crypto collapse?
It is still early days, but the resilience of Bybit and global crypto has been reasonably impressive in the aftermath of such a massive haul. Yes, the crypto industry felt an immediate sting. Ethereum prices dropped about 4%; not surprising given that this single attack is worth more than half of all the assets stolen in crypto hacks across the whole of 2024. But Bybit promised to cover the losses, securing bridge loans from fellow crypto players and tapping reserves, even as a “bank run” saw over $5.3 billion in withdrawals flood out, testing, but not breaking, its stability.
Bybit is now in damage control, working with forensic experts and authorities to trace the stolen funds, and offering a percentage of all the assets it can recover as a bounty to anyone who helps track them down. This amounts to a $140 million bounty to motivate good-hearted hackers to help in the recovery effort.
One thread of commentary online has been from players in crypto celebrating how the industry has come together to help Bybit, a fellow player, in such dark times. How much of this is spin? Will the good vibes hold? Again, only time will tell.
The bigger picture
For many critics, this highlights crypto’s risks. Cold wallets are safer than hot (online) ones, but as Bybit will attest - no system is foolproof. The hack also raises questions about regulation: should crypto exchanges face stricter security rules? And as for North Korea’s alleged role, it’s a grim geopolitical reminder of how one of the world’s most repressive regimes is actively operating at the cutting edge of crime.

The top 5 cryptocurrency heists
By definition, crypto heists are hard to put exact dollar amounts on, but let’s put the Bybit hack into perspective. Here is a “best attempt” list of the top 5 ever, based on the estimated USD value stolen at the time of the heist, as reported by industry news and blockchain analysts.
1 | Bybit (February 2025)
Kim Jong Un and his North Korean naughties are number one with a bullet, by miles, stealing $1.5-1.6 billion!
2 | Ronin Network (March 2022)
Hackers used compromised private keys to steal 173,600 ETH ($595 million) and 25.5 million USDC ($25.5 million) from the Ronin Network, linked to the popular online game Axie Infinity. Again, the U.S. Treasury attributed this to the Lazarus Group, so the DPRK holds the top two spots.
3 | Poly Network (August 2021)
A hacker exploited a vulnerability to steal $610 million in various cryptocurrencies (Ethereum, Binance Smart Chain tokens, etc.). Amazingly, the hacker returned nearly all funds, claiming ideological motives, but the initial theft ranked it among the largest.
4 | Coincheck (January 2018)
Hackers stole around $530 million in NEM (XEM) tokens from Coincheck’s hot wallet, linked to a vulnerability exploited via malware-infected employee laptops. South Korea accused - go on, have a guess … yep - a North Korean hacking crew!
5 | Mt. Gox (2011–2014)
Over 850,000 BTC were stolen from Mt. Gox, at the time the world’s largest exchange, which once handled 70% of global Bitcoin trades, in a series of hacks from 2011 to 2014. Valued at $416-460 million at the time, it’s now worth billions, but this historical loss ranks as the fifth largest based on original estimates. The U.S. Department of Justice charged two Russian nationals, Alexey Bilyuchenko and Aleksandr Verner, in 2023 with laundering 647,000 of the stolen bitcoins, suggesting they were key perpetrators. The full story remains unclear, with 200,000 bitcoins recovered and 650,000 still missing.
That’s all from me for now. If you'd like more geeky fun, please check out my other newsletters below, or connect with me on LinkedIn and/or X.
Yours in nerdiness,
Adam