
In the wake of the Bybit breach, the infamous cybercrime collective Lazarus Group—allegedly operating under North Korean state backing—has amassed cryptocurrency assets worth nearly $1 billion through exploits traced to over 70 flagged wallets. This analysis dissects the labyrinthine composition of the syndicate’s digital plunder.
How Lazarus Moved 424,330 ETH Under Global Surveillance
On Feb. 21, 2025, centralized crypto exchange Bybit fell victim to a staggering $1.4 billion cyber hack, with forensic evidence pointing to the mysterious Lazarus Group—a shadowy collective cloaked in aliases such as Hidden Cobra, Nickel Academy, Diamond Sleet, and Whois Team.
Long before this massive exploit, the North Korean-linked syndicate had already etched its name in infamy, systematically extracting hundreds of millions from crypto platforms in incidents including the Ronin hack, the CoinEx and DMM exchange infiltrations, and the Harmony Horizon Bridge compromise.
Following the extraction of 499,000 ETH from Bybit—a single-platform heist of staggering proportions—wallets linked to the incident have already redistributed 424,330 ETH. The Lazarus Group, a digital marauder with suspected state ties, currently retains roughly 236,283 ETH (valued at $592.78 million) across wallets tied to the Bybit exploit and prior escapades.
This trove is supplemented by 3,391 BTC ($319.29 million), $3.11 million in BNB, and $337,370 in BABYDOGE from a 218-trillion-coin pillage. Per Arkham Intelligence data, Lazarus-linked wallets have engaged with Exch.cx, Thorchain, Sky (formerly MakerDAO), Uniswap, Cow Protocol, Maya Protocol, and Bridgers.
Post-Bybit, these wallets have exhibited relentless activity, casually shuffling assets across platforms; Arkham’s metrics confirm the collective’s holdings now eclipse all prior peaks. The technical precision and magnitude of their operations imply resources and orchestration exceeding conventional cybercrime, intimating possible state-aligned backing.
Analysts posit that the group’s dual focus on profit and geopolitical disruption may reflect a hybrid framework—potentially state-condoned rather than state-mandated—blurring traditional attribution models.
Liquidating its $919 million crypto arsenal poses a Herculean task, given forensic blockchain scrutiny and global enforcement vigilance. With 70+ flagged wallets brimming with ETH, BTC, and altcoins, even minor transactions flirt with exposure.
The colossal sums—hundreds of thousands of ETH and thousands of BTC—demand intricate obfuscation via mixers, decentralized exchange (DEX) platforms, or cross-chain bridges. Yet these tools now operate under a microscope, their efficacy dwindling as surveillance tightens.
Source: Bitcoin