Lazarus / TraderTraitor executes $1.5B Bybit heist — largest crypto theft in history
DPRK state-sponsored umbrella set associated with the Reconnaissance General Bureau. Mixes financially-motivated operations (including major cryptocurrency exchange thefts and SWIFT-network bank intr…
Summary
On 21 February 2025, North Korean operators tracked as TraderTraitor (assessed by FBI as Lazarus / APT38) transferred approximately $1.5B in Ethereum and ERC-20 tokens out of Bybit during a routine cold-wallet-to-hot-wallet rotation. The operation eclipsed the 2022 Ronin Bridge hack ($625M) as the single largest cryptocurrency theft on record. ZachXBT and subsequent FBI confirmation linked the wallets to the earlier Phemex, BingX, and Poloniex hacks attributed to the same cluster. The Bybit heist alone roughly tripled North Korea's running annual crypto take and forced a multi-week downstream response from cryptocurrency exchanges attempting to block onward laundering.