THE BIGGEST HACK IN CRYPTO: Lazarus stole $1.46 billion from Bybit
The Lazarus hacker group, led by Park Jin-hyuk (wanted by the FBI), carried out the largest cryptocurrency hack in history. They stole $1.46 billion worth of ETH and ERC-20 tokens from the Bybit exchange, twice the previous record.
How did they do it? Let's take it apart.
Who are Lazarus?
This is a North Korean hacker group associated with the DPRK's military program.
They were behind the biggest attacks in history:
• Axie Infinity (Ronin Bridge): $625 million
• Harmony Bridge: $100 million
• Atomic wallet: $100 million
• Stake: $41 million
• Active Alphapo wallet: over $60 million
• WazirX: $230 million
The total amount of their cybercrimes exceeds 3 billion dollars.
How was the Bybit hack carried out?
1. Lazarus carried out a social engineering campaign using a fake Safe Wallet interface.
2. The signers saw the correct addresses and links, but the hidden code changed the logic of the smart contract, giving hackers total control.
3. This made it possible to bypass cryptographic protection and secretly withdraw 1.46 billion dollars.
• After the attack, Lazarus became the largest ETH whale, owning 0.42% of all ETH.
How do North Korean hackers work?
• State support: their operations fund the military and nuclear programs of the DPRK.
• Long-term planning: they embed themselves in companies by posing as HR or business partners.
• Advanced techniques: they use malware, phishing, and legal loopholes in DeFi to cover their tracks.
How do they launder stolen cryptocurrencies?
After the hack, they use DeFi platforms without KYC/AML, making transactions impossible to trace.
• Example: After the KuCoin hack ($275 million), they used Uniswap to 'clean' the funds.
Why don't they sell immediately?
Lazarus is known for its "Diamond Hands" tactics: they hold stolen assets for years, waiting for the best moment to withdraw them.
The money from previous hacks remains intact.
When it comes to selling, they use cryptocurrency mixers.
Why is this important for the ETH market?
Bybit will not return stolen ETH; the exchange covers withdrawals with borrowed funds.
Lazarus cannot withdraw $ETH quickly, creating a scarcity.
This increases buying pressure, but the market could still collapse.
Conclusion: Lazarus demonstrated that cryptocurrency exchanges remain a primary target for hackers. Each new attack is not just a cybercrime, but part of a state-sponsored cyberwar.