Hack: $1.4B Bybit Heist Followed Lazarus Group’s 2024 Repositioning

It appears North Korea-linked cybercriminals may have taken a breather from their hacking activities in the latter half of 2024, possibly to gear up for what would become the biggest crypto heist ever recorded.
The crypto world was sent reeling on February 21st when Bybit, a major exchange, was targeted in a massive hack. Over $1.4 billion vanished, attributed to the notorious North Korean Lazarus Group. Evidence suggests this attack was meticulously planned months in advance.
According to blockchain analysts at Chainalysis, suspicious activity connected to North Korean hackers saw a significant dip after July 1st, 2024, a stark contrast to the surge in attacks earlier in the year.
This noticeable lull in crypto hacking from North Korean actors raised eyebrows, as noted by Eric Jardine, the lead cybercrimes researcher at Chainalysis.
North Korean hacking activity before and after July 1. Source: Chainalysis
Jardine explained to Cointelegraph on the Chainreaction show on March 26th that North Korea’s hacking slowdown “began around the time of the summit between Russia and the DPRK [North Korea]. This meeting may have led to a shift in North Korean resources, potentially including military personnel being directed towards the conflict in Ukraine.” He further elaborated:
“In our report, we considered the possibility of unseen resource shifts within the DPRK. Then, fast forward to early February, and we witness the massive Bybit hack.”
He continued, “The observed decrease in activity could have been a strategic pause to identify fresh targets, probe network defenses, or it could be linked to these broader geopolitical developments.”
Cointelegraph reported on March 4th that the Lazarus Group managed to launder the entirety of the stolen Bybit funds – a staggering 100% – via the decentralized cross-chain protocol THORChain within just ten days.
Despite the scale of the theft, blockchain security experts held onto hope that Bybit might recover some of the pilfered assets. As of March 20th, it was reported that over 80% of the massive $1.4 billion haul remained traceable, with blockchain investigators working tirelessly to freeze and potentially recover the funds.
How hackers staged the world’s biggest crypto hack
Analysts point out that the Bybit attack serves as a stark reminder that even well-protected centralized exchanges, boasting robust security measures, can still fall victim to highly sophisticated cyberattacks.
Meir Dolev, co-founder and CTO of Cyvers, noted similarities between this attack and the $230 million WazirX hack along with the $58 million Radiant Capital incident.
Dolev explained that the Ethereum multisig cold wallet compromise occurred through a cleverly disguised transaction. Signers were tricked into unwittingly authorizing a malicious alteration to the smart contract logic.
“This allowed the hacker to seize control of the cold wallet and subsequently move all the ETH to an unknown address,” Dolev informed Cointelegraph.
North Korea hacking activity. Source: Chainalysis
Chainalysis data reveals that throughout 2024, North Korean hackers successfully pilfered over $1.34 billion in digital assets across a total of 47 separate incidents. This represents a dramatic 102% surge compared to the $660 million stolen in 2023, according to their findings.
This staggering sum accounts for a massive 61% of all cryptocurrency stolen in 2024.