lazarusgroup

Bybit just suffered the largest crypto heist in history — $1.4B drained in minutes.
401,000 ETH vanished from their cold wallet in a single sweep. No batches. No delays. Just a flood of Ethereum pouring into an unknown address.

What makes this attack terrifying?

The signers approved the transaction themselves.
Because the interface they trusted was already compromised.

A poisoned UI.
A masked destination address.
A perfect trap.

Once the final signature hit, control of the vault flipped — and the entire cold wallet was emptied. ETH was instantly swapped, split across 50+ wallets, and scattered across the chain.

Early analysis points to Lazarus Group, the same state-backed attackers behind Ronin, DMM Bitcoin, and multiple billion-dollar breaches.

Their weapon isn’t code — it’s people.
Fake updates. Compromised vendors. Spear-phishing.
They don’t break vaults.
They trick humans into opening them.

To their credit, Bybit kept withdrawals open and processed over 350,000 withdrawals in 10 hours while securing $4B in emergency liquidity. That move alone prevented a full-scale
But the message is clear:
Bybit just suffered the largest crypto heist in history — $1.4B drained in minutes.
401,000 ETH vanished from their cold wallet in a single sweep. No batches. No delays. Just a flood of Ethereum pouring into an unknown address.

What makes this attack terrifying?

The signers approved the transaction themselves.
Because the interface they trusted was already compromised.

A poisoned UI.
A masked destination address.
A perfect trap.

Once the final signature hit, control of the vault flipped — and the entire cold wallet was emptied. ETH was instantly swapped, split across 50+ wallets, and scattered across the chain.

Early analysis points to Lazarus Group, the same state-backed attackers behind Ronin, DMM Bitcoin, and multiple billion-dollar breaches.

Their weapon isn’t code — it’s people.
Fake updates. Compromised vendors. Spear-phishing.
They don’t break vaults.
They trick humans into opening them.

To their credit, Bybit kept withdrawals open and processed over 350,000 withdrawals in 10 hours while securing $4B in emergency liquidity. That move alone prevented a full-scale collapse.

But the message is clear:

Cold wallets are not invincible.
Human approval is now the weakest link in crypto security.

This wasn't just theft — it was a warning to every exchange, custodian, and user in the industry.
Cold wallets are not invincible.
Human approval is now the weakest link in crypto security.

This wasn't just theft — it was a warning to every exchange, custodian, and user in the industry.

#CryptoNews #ExchangeSecurity #BybitHack #ETH #LazarusGroup

Full reimbursement following a security breach
The largest cryptocurrency exchange in South Korea, #Upbit , has announced its commitment to fully reimburse its customers after a major security breach that resulted in estimated losses between 36 million and 38 million dollars. The hacking involved illicit withdrawals primarily of assets based on #solana $SOL , with the notorious group #LazarusGroup from North Korea suspected of orchestrating the attack. This incident has heightened concerns regarding vulnerabilities associated with hot wallets, which remain continuously connected to the Internet for trading purposes but are susceptible to cyber threats.

On November 27, 2025, one of the largest cyberattacks on a cryptocurrency exchange occurred: hackers stole crypto assets worth 44.5 billion won ($30.4 million) from Upbit, the largest platform in South Korea, mainly in Solana. The exchange promptly blocked deposits and withdrawals, transferring assets from hot wallets to cold ones, and promises full compensation for clients' losses.

🔐 What happened at Upbit — incident summary

On
November 27, 2025
, Upbit detected an unauthorized exit (“an anomalous transfer”) from one of its hot wallets on the Solana network.
The amount withdrawn amounts to
44.5 billion South Korean won

, equivalent to approximately

US$ 30–31 million

.
Immediately, Upbit
suspended deposits and withdrawals

to prevent further outflows and initiated an internal investigation.

According to their report, the loss for the company (equity) was about

🙄Hack A group of DPRK #hackers #LazarusGroup hacked a cold wallet on the exchange for 400k $ETH ($1.5 billion dollars)
Now they have more ether than Vitaliy Buterin, the creator of the token himself
😀The channels are already screaming that North Korea has announced a strategic reserve of ether😂

#BybitHack #BybitWalletHack

According to Arkham Intelligence, the mastermind behind the $1.5 billion Bybit hack has been identified, and the culprit is none other than the Lazarus Group, a notorious North Korean cybercrime syndicate.

🔎 What we know at the moment:
🔹 Lazarus Group has a history of large-scale cryptocurrency thefts, laundering billions through complex blockchain transactions.

Lazarus Group is one of the world’s most dangerous cyber hacking organizations, believed to be operating under the supervision of the North Korean government. It began its activities in the early 2000s and has since carried out high-profile attacks targeting financial institutions, technology companies, and cryptocurrency platforms. Its primary objectives are to fund the North Korean regime, evade international sanctions, and gather intelligence.
Origins and Development
Lazarus Group first appeared on the cyber scene in 2009, but it gained global attention in 2014 after the infamous attack on Sony Pictures. During that attack, the hackers infiltrated the company’s systems, stole sensitive data, and released threatening messages in response to the film “The Interview”, which mocked North Korean leader Kim Jong-un. Since then, the group has diversified its targets, including banks, governments, and cryptocurrency companies.

Group’s Objectives and Motives
1. Illicit Financing:
Due to the economic sanctions imposed on North Korea, the group steals money and cryptocurrencies to fund its nuclear and military programs.
2. Cyber Espionage:
The group gathers intelligence from governments and corporations to strengthen North Korea’s position in international negotiations.
3. Destabilization:
Some attacks are aimed at creating chaos in enemy countries or disrupting their economic systems.

Notorious Cyberattacks
1. Sony Pictures Hack (2014)
• The hackers infiltrated Sony’s systems, leaking unreleased films and sensitive emails.
• The attack caused significant financial losses and raised concerns about online freedom of expression.
2. WannaCry Ransomware Attack (2017)
• A global ransomware attack that infected over 230,000 devices in 150 countries.
• It crippled hospitals, companies, and banks, with hackers demanding ransom in Bitcoin to unlock encrypted files.
3. Bangladesh Central Bank Heist (2016)
• The group stole $81 million through illegal transfers from the Federal Reserve Bank of New York to accounts in the Philippines.
• The theft could have reached $1 billion if the breach had not been discovered at the last minute.
4. Ronin Network Hack (2022)
• The group breached the blockchain network of the game Axie Infinity, stealing over $620 million in Ethereum (ETH) and USDC.
• This was one of the largest cryptocurrency hacks in history.

Hacking Techniques and Tools

Lazarus Group employs advanced techniques and diverse methods, including:
1. Social Engineering: Tricking employees into clicking malicious links via emails or social media.
2. Ransomware: Encrypting data and demanding cryptocurrency payments to restore access.
3. Blockchain Breaches: Exploiting vulnerabilities in smart contracts and decentralized finance (DeFi) platforms.
4. Money Laundering: Using cryptocurrency mixers like Tornado Cash to hide the origin of stolen funds.

Organizational Structure

Little is known about the group’s internal structure due to its secrecy. However, it is believed to operate under North Korea’s Reconnaissance General Bureau (RGB), responsible for intelligence activities and special operations abroad. The group is likely supported by skilled programmers and hackers trained within the country.

Global Economic Impact

Lazarus Group’s attacks have resulted in billions of dollars in losses and disrupted financial markets worldwide. For example, ransomware attacks like WannaCry harmed healthcare providers and banks, while cryptocurrency thefts undermined investor confidence in blockchain technology.
International Response
1. United States: The U.S. Treasury Department has imposed sanctions on individuals and entities linked to Lazarus Group. The FBI has also classified the group as a top cyber threat.
2. United Nations: UN reports indicate that stolen funds are used to finance North Korea’s nuclear weapons program.
3. Cybersecurity Companies: Firms like Kaspersky, Symantec, and CrowdStrike are actively tracking the group’s activities and developing protection systems against its attacks.
How to Protect Yourself from Lazarus Group’s Attacks
• Enhance Cybersecurity: Use advanced firewalls and antivirus software.
• Employee Awareness: Train employees to recognize phishing emails and suspicious links.
• Enable Two-Factor Authentication (2FA): Especially for managing cryptocurrency wallets.
• Backup Important Data: Keep encrypted backups of critical data.
Conclusion
Lazarus Group is a clear example of how cybercrime can be used as a political and economic tool. With its advanced skills and diverse strategies, it has become a major player in the world of cybercrime. As the world increasingly relies on digital assets, the group is expected to continue its attacks, making cybersecurity a top priority for individuals and organizations alike.
$AXS $ETH $BTC
#BybitSecurityBreach #LazarusGroup #SouthKorea #ETH #BTC☀