On February 21, 2025, a group of North Korean hackers carried out the largest cryptocurrency heist in history, stealing $1.5 billion in Ethereum tokens from Bybit, a cryptocurrency exchange based in Dubai. The hackers exploited a free software wallet product that Bybit used to move Ethereum from one location to another, most likely combined with phishing attacks to gain access and install malware. It is estimated that at least $160 million of the stolen Bybit funds were laundered in the first 48 hours after the attack. Although Bybit does not offer services or products in the United States, the effects of the hack harm the global crypto market. The price of bitcoin has dropped 20% since its all-time high in January, and the attack has renewed concerns about the security of these decentralized transactions.
The Trump administration has made cryptocurrency a centerpiece of its technology policy portfolio. It has issued a series of executive orders and held meetings in pursuit of its goal of making the United States the “crypto capital of the planet.” However, the attack on Bybit highlights concerns about crypto exchanges and how frequently they are targeted by North Korean criminal hacking groups.
Q1: Who is responsible for the robbery of the Bybit cryptocurrency?
A1: The theft has been attributed to the Lazarus Group, a notorious North Korean criminal hacking group that was also responsible for the 2014 attack on Sony Pictures, which leaked employees' emails and personal information and destroyed 70% of Sony's laptops and computers. The North Korean government regularly uses the Lazarus Group, most likely as part of its Reconnaissance General Bureau, to carry out large-scale ransomware attacks that generate funds for the country's nuclear and ballistic missile program. North Korean hackers have become prolific at stealing cryptocurrency; in 2024, more than a dozen crypto companies were infiltrated by North Korean hackers who posed as legitimate information technology (IT) workers to gain access to internal information and systems. It is estimated that the Lazarus Group has stolen at least $3.4 billion in cryptocurrency since it emerged in 2007, creating a significant source of income for the North Korean government.
Hackers use a variety of techniques in their operations, ranging from more sophisticated cyber attacks that identify zero-day vulnerabilities and deploy malware to steal funds, to social engineering techniques that exploit human weaknesses to trick people into giving up sensitive information. One common technique involves hackers posing as recruiters on LinkedIn and targeting security researchers, building relationships with them before luring them into phishing attacks. This level of sophistication has evolved from traditional email phishing attacks because increased cybersecurity and awareness measures have made those attacks harder to carry out successfully. North Korea has stepped up its campaigns against the crypto industry as heavy sanctions continue to paralyze its already isolated economy. Crypto theft offers a funding opportunity with a low barrier to entry and very little exposure for the perpetrators. It is also harder for law enforcement to track, charge and arrest the perpetrators of these hacks than it is with traditional espionage and human intelligence operations.
Q2: How did the hack occur?
A2: When Bybit's CEO, Ben Zhou, went to sign what appeared to be a routine transaction, the hackers intercepted the request, altered the code so that it displayed the legitimate transaction, and redirected the funds to their own wallet instead of the intended recipient. The Lazarus Group hackers captured the stolen currency while it was being moved between a cold wallet, which stores digital assets offline while keeping the private keys that identify the user's ownership of those assets offline, and a hot wallet, which stores private keys on an Internet-connected server. During a routine transfer of funds, the hackers exploited a vulnerability in the source code of the Safe{Wallet} user interface, an open-source software platform used in Bybit's transaction and multi-signature (multisig) signing process. Bybit's use of multisig was intended to protect users from a single point of failure and required several people, including Zhou, to sign off on each transaction. The hackers embedded malicious code in the front-end software to make the transaction appear legitimate.
This sophisticated social engineering attack has shaken members of the crypto industry, who have long believed that cold wallets and multisig are among the most secure methods for protecting digital assets. While industry experts recognized that both hot and cold wallets carry security risks, many believed cold wallets were safer from online attacks because they are not connected to the Internet. Some companies even dub them “the best crypto wallet.” Bybit also continued to use Safe{Wallet} despite prior knowledge that the software was not compatible with another of Bybit's security services, according to reporting from the New York Times. The Bybit hack has reaffirmed the importance of vetting third parties for security flaws and of transparency at every stage of the transaction process in order to catch the signals that a transaction may be malicious.
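As an added illustration of the defensive point above (example code written for this page, not Bybit's or Safe{Wallet}'s own software): a signer who independently recomputes a digest of the transaction fields actually handed to the signing device, and compares it with what the interface shows, can catch a front end that displays one transaction while submitting another. The transaction structure, the SHA-256 digest, the placeholder addresses and the signer names are all constructed assumptions and do not reproduce Safe{Wallet}'s real encoding.

```python
import hashlib
import json

# Constructed, simplified transaction model. Field names, the SHA-256 digest and
# the placeholder addresses are assumptions for this example, not Safe{Wallet}'s
# real transaction encoding.
DISPLAYED = {"to": "0xHOTWALLET_PLACEHOLDER", "value": 1000.0, "data": ""}
TAMPERED = {"to": "0xATTACKER_PLACEHOLDER", "value": 1000.0, "data": ""}
ALLOWLIST = {"0xHOTWALLET_PLACEHOLDER"}  # destinations approved out of band


def tx_digest(tx: dict) -> str:
    """Deterministic digest of the fields a signer commits to. Sorting keys and
    fixing separators makes two equal transactions hash identically."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_before_signing(displayed: dict, to_sign: dict, allowlist: set) -> list:
    """Compare what the UI rendered with the payload actually handed to the
    signing device. Returns a list of problems; an empty list means safe to sign."""
    problems = []
    if tx_digest(displayed) != tx_digest(to_sign):
        problems.append("digest mismatch: payload to sign differs from displayed transaction")
    for field in ("to", "value", "data"):
        if displayed.get(field) != to_sign.get(field):
            problems.append(f"field '{field}' differs: shown={displayed.get(field)!r} "
                            f"signing={to_sign.get(field)!r}")
    if to_sign.get("to") not in allowlist:
        problems.append(f"destination {to_sign.get('to')} is not on the approved list")
    if to_sign.get("data"):
        problems.append("a plain transfer should carry no call data")
    return problems


def multisig_approve(displayed: dict, to_sign: dict, signers: dict,
                     threshold: int, allowlist: set) -> dict:
    """Simulate one multisig round. `signers` maps a signer name to True if that
    signer runs the independent check, False if they approve whatever the UI
    shows. The transaction executes only if approvals reach `threshold`."""
    approvals = []
    for name, runs_check in signers.items():
        if runs_check and verify_before_signing(displayed, to_sign, allowlist):
            continue  # independent check found problems; this signer refuses
        approvals.append(name)
    return {"executed": len(approvals) >= threshold, "approvals": approvals}


if __name__ == "__main__":
    blind = {"signer_a": False, "signer_b": False, "signer_c": False}
    careful = {"signer_a": False, "signer_b": True, "signer_c": False}
    print("all signers trust the UI:",
          multisig_approve(DISPLAYED, TAMPERED, blind, 3, ALLOWLIST))
    print("one signer checks independently:",
          multisig_approve(DISPLAYED, TAMPERED, careful, 3, ALLOWLIST))
```

With a 3-of-3 policy, a single co-signer who verifies the payload against an out-of-band allowlist is enough to block the tampered transaction; if every signer trusts the same compromised interface, the multisig threshold is met and provides no protection, which is the failure mode the paragraph describes.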
Q3: How can the police react to these hacks?
A3: Cryptocurrencies present a unique challenge to law enforcement: as the volume of global cryptocurrency markets grows, the ability to track, seize and prosecute criminal activity becomes increasingly difficult. In the wake of the attack on Bybit, the Federal Bureau of Investigation attributed the attack to the Lazarus Group and identified Ethereum addresses linked to the stolen money, urging platforms to block the movement of those funds and thereby prevent the money from being laundered. Despite the ability to identify the group and these addresses, hundreds of millions of dollars were laundered in the days following the attack, underscoring the difficulties law enforcement faces in effectively stopping these activities. One of the biggest problems in fighting crimes that use cryptocurrency is the volume and scale, which overwhelms the resources of national and international law enforcement agencies. However, the underlying technology, the blockchain, could offer solutions by allowing investigators to trace and track the stolen money.
Blockchain provides investigators with a trove of data for analyzing transactions and tracking where illicit funds are moved. Blockchain transactions are generally public, giving investigators evidence with which to follow stolen funds back to their perpetrators. This is particularly true for transactions taking place on U.S.-based cryptocurrency exchanges, which must comply with “know your customer” laws that require financial institutions to verify customers' identities and reduce the risk of fraud through anonymity. However, the global nature of cryptocurrency makes it difficult to coordinate across the jurisdictions where these crimes take place, particularly those with no verification requirements similar to those of the United States. Several gaps have been identified that hinder effective law enforcement operations against these crimes, and among the highest priorities is a lack of information sharing across jurisdictions once a crime has been identified. These problems underscore how the decentralized nature of cryptocurrencies poses unique challenges that national and international law enforcement agencies must overcome to mitigate the risks associated with this growing technology.
Q4: Why do malicious actors use cryptocurrencies for money laundering?
A4: The decentralized nature of cryptocurrencies makes them attractive for criminal activity. The current absence of a coordinated global regulatory framework overseeing crypto transactions allows criminals to evade law enforcement more easily when moving large volumes of illicit transactions.
The current structure of the crypto industry also allows malicious actors such as the Lazarus Group to launder money easily, and there are few incentives in place to encourage crypto trading platforms to block a trade or exchange of suspected funds when the platform could benefit financially. Take the Bybit hack: after successfully stealing the funds, the Lazarus Group hackers laundered the money by swapping the stolen tokens for ether through a decentralized exchange, sending the funds to more than 50 different wallets to complicate investigators' ability to use the transparent nature of blockchains to trace the money. They then used anonymous trading platforms, such as Exch and Thorchain, to exchange the funds. Despite Bybit's requests to block the activity, Exch allowed the swaps, generating hundreds of thousands of dollars in the process.
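The tracing that Q3 and Q4 describe (following flagged addresses across a fan-out of many wallets until the funds reach an identifiable exchange) can be shown as a small forward-propagation over a ledger. The example below is written for this page and is not any investigator's or vendor's tool; the ledger, every address, the "poison" taint rule and the hop limit are constructed assumptions, and the poison rule is deliberately simpler than the apportioning methods real analyses use.

```python
from collections import defaultdict, deque

# Constructed ledger of transfers (tx_id, sender, receiver, amount in ETH).
# Every address is a hypothetical placeholder; nothing here is real chain data.
LEDGER = [
    ("t1", "0xVICTIM", "0xLOOT", 1000.0),
    ("t2", "0xLOOT", "0xSPLIT1", 400.0),
    ("t3", "0xLOOT", "0xSPLIT2", 350.0),
    ("t4", "0xLOOT", "0xSPLIT3", 250.0),
    ("t5", "0xSPLIT1", "0xDEX", 400.0),          # swapped via a decentralized exchange
    ("t6", "0xSPLIT2", "0xEXCHANGE_A", 100.0),   # deposit at a KYC exchange
    ("t7", "0xSPLIT2", "0xSPLIT4", 250.0),
    ("t8", "0xALICE", "0xEXCHANGE_A", 5.0),      # unrelated legitimate deposit
    ("t9", "0xSPLIT4", "0xEXCHANGE_B", 250.0),
]
KYC_EXCHANGES = {"0xEXCHANGE_A", "0xEXCHANGE_B"}  # assumed identifiable venues


def trace_taint(ledger, flagged, max_hops=10):
    """Forward-propagate taint from flagged addresses with a simple 'poison'
    rule (an assumption of this example): any address that receives funds from
    a tainted address becomes tainted. Returns address -> {"hop", "inflow"},
    where inflow is the total received from already-tainted senders."""
    outgoing = defaultdict(list)
    for tx_id, src, dst, amt in ledger:
        outgoing[src].append((tx_id, dst, amt))
    tainted = {addr: {"hop": 0, "inflow": 0.0} for addr in flagged}
    queue = deque(flagged)
    while queue:
        src = queue.popleft()
        hop = tainted[src]["hop"]
        if hop >= max_hops:
            continue  # stop expanding beyond the configured depth
        for _tx_id, dst, amt in outgoing[src]:
            if dst not in tainted:
                tainted[dst] = {"hop": hop + 1, "inflow": 0.0}
                queue.append(dst)
            tainted[dst]["inflow"] += amt
    return tainted


def exchange_exposure(tainted, exchanges):
    """Tainted inflow that reached identifiable (KYC) exchanges: the natural
    points at which investigators can request a freeze or account records."""
    return {addr: info["inflow"] for addr, info in tainted.items() if addr in exchanges}


def hop_histogram(tainted):
    """Number of distinct addresses at each hop from the flagged set; a launderer
    fanning out across many wallets inflates the counts at low hop numbers."""
    counts = defaultdict(int)
    for info in tainted.values():
        counts[info["hop"]] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    result = trace_taint(LEDGER, {"0xLOOT"})
    for addr, info in sorted(result.items(), key=lambda kv: kv[1]["hop"]):
        print(f"hop {info['hop']}: {addr} received {info['inflow']} ETH from tainted senders")
    print("reached KYC exchanges:", exchange_exposure(result, KYC_EXCHANGES))
    print("addresses per hop:", hop_histogram(result))
```

The unrelated deposit from 0xALICE is never marked, because taint only flows along edges whose sender is already tainted. The caveat a practitioner would raise is that the poison rule over-taints once funds pass through a venue that pools deposits, such as the decentralized exchange at 0xDEX; production tracing apportions taint across outflows rather than marking everything downstream.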
Q5: What effect will this have on the future of cryptographic policy in the United States?
A5: President Trump has expressed interest in building a strong American crypto market. In its first weeks in office, the Trump administration held a crypto summit at the White House and issued an executive order establishing a strategic bitcoin reserve and a stockpile of other digital currencies. Despite these initiatives, Bitcoin fell into a bear market only a few weeks after hitting a record $109,071 in January. This market drop is not only due to fears sparked by the Bybit hack: factors such as Trump declining to commit to a federal bitcoin purchasing strategy, as well as tariffs, recession concerns and fears of a tech sell-off, may have dampened risk appetite in crypto and broader financial markets.
A combination of stronger crypto regulation and improved security measures at crypto companies could bolster consumer confidence in digital assets. The market volatility following the attack has raised questions about investors' appetite for greater use of digital assets. Despite the Trump administration's actions to bring crypto into U.S. markets and American financial arenas, the hack could delay growth in investment given the security concerns this attack has exposed. Growth in crypto activity will depend on how much investors trust these digital assets. The best avenue for increasing that trust is to regulate the downsides of crypto so that investors can benefit from its upsides.
Taylar Rajic is an associate fellow with the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Julia Brock is a program manager and research associate with the Strategic Technologies Program at CSIS.