North Korean hackers have reportedly pulled off the largest cryptocurrency heist in history, stealing $1.5 billion from exchange platform Bybit as part of an escalating campaign of digital warfare against Western economic systems.
At a Glance
- North Korean hackers stole $1.5 billion from cryptocurrency exchange Bybit, marking the largest crypto theft in history
- The notorious Lazarus Group, tied to North Korea’s intelligence agency, is believed responsible for the attack
- North Korean hackers were behind 61% of all global cryptocurrency thefts in 2024
- The regime has stolen approximately $3 billion in cryptocurrency since 2017 to fund its weapons programs
- Only $43 million of the stolen funds have been recovered so far
Record-Breaking Digital Heist
Security analysts have confirmed that North Korean hackers executed the largest cryptocurrency theft ever recorded, stealing $1.5 billion from Bybit, the world’s second-largest cryptocurrency exchange. The breach represents a significant escalation in North Korea’s ongoing campaign of economic warfare against Western financial systems. The hack targeted Bybit’s infrastructure, which serves over 40 million users worldwide, demonstrating the advanced capabilities of the regime’s cyber warfare units.
The digital heist was attributed to the Lazarus Group, a hacking organization with direct ties to North Korea’s intelligence services. This group has earned a reputation for sophisticated cyberattacks targeting financial institutions globally. After stealing the cryptocurrency assets, the hackers implemented an elaborate money laundering operation, quickly moving funds through multiple digital wallets and exchanges to conceal their origin before converting them to U.S. dollars or Chinese yuan.
Under the leadership of Kim Jong-un, North Korea has aggressively developed its cyber capabilities as a key pillar of its asymmetric warfare strategy. The regime views digital attacks as a cost-effective method to generate revenue while circumventing international sanctions. Intelligence reports indicate that proceeds from cryptocurrency theft directly fund North Korea’s nuclear weapons and missile programs, with a documented correlation between major heists and subsequent missile launches.
Security firm Elliptic described North Korea as the “most sophisticated and well-resourced launderer of crypto assets in existence,” highlighting the regime’s proficiency in evading detection and sanctions. The country has developed specialized technical units dedicated to cryptocurrency theft, employing highly trained computer science professionals with privileged access to advanced technology.
And this isn’t a new problem. It’s been getting worse for some time.
North Korean hackers were responsible for 61% of all cryptocurrency thefts worldwide in 2024, according to cybersecurity researchers. Since 2017, the regime has amassed approximately $3 billion in stolen cryptocurrency, with the pace of theft accelerating dramatically in recent years. The country shifted its focus from traditional banking systems to cryptocurrency exchanges during the 2017 crypto boom, recognizing the vulnerabilities in less regulated digital asset platforms.
The United States, Japan, and South Korea recently issued a joint statement attributing approximately $660 million in cryptocurrency thefts in 2024 to North Korean-backed actors. The three nations also warned about North Korean IT workers posing as legitimate freelancers who have funneled an estimated $88 million to the Pyongyang regime over six years. Despite international efforts, investigators have recovered only about $43 million of the funds stolen in the Bybit attack.
We think a lot about North Korea as a potential nuclear threat…but it’s already a very real crypto and cybersecurity threat.
