North Korean state-sponsored hackers have reportedly stolen approximately $1.5 billion in Ethereum (ETH) from the Dubai-based cryptocurrency exchange Bybit. This incident, which occurred on February 21, is now considered the largest digital asset theft to date.
According to a report from cryptocurrency analytics firm Chainalysis, the attackers infiltrated Bybit’s systems during a routine transfer from an offline “cold” wallet to an online “hot” wallet, seizing control and diverting over 400,000 ETH to an unidentified address.
Blockchain security firms, including Arkham Intelligence, have attributed the heist to North Korea’s Lazarus Group, citing substantial overlaps between addresses used in this attack and those linked to previous North Korean thefts.
The Lazarus Group has a notorious history of executing sophisticated cyberattacks, including the 2014 Sony Pictures breach and the 2017 WannaCry ransomware attack.
In response to the breach, Bybit’s CEO, Ben Zhou, assured clients that Bybit is solvent and can cover the loss, emphasizing that all customer assets are backed on a one-to-one basis.
The exchange has processed over 350,000 withdrawal requests since the incident and is collaborating with blockchain forensic experts to trace the stolen funds.
To expedite recovery efforts, Bybit has launched a Recovery Bounty Program, offering up to 10% of the recovered amount—potentially $140 million—to individuals or entities aiding in the retrieval of the assets.
North Korea has increasingly targeted the cryptocurrency sector to circumvent international sanctions and fund governmental activities. In March 2022, the Lazarus Group carried out a cyberattack on the Ronin Network, stealing $625 million in cryptocurrency from the Axie Infinity platform.