Emre Yumlu 
According to ZachXBT, onchain evidence following the Bybit hack links the Lazarus Group to the Phemex hack.
Lazarus Group’s Link Between the Bybit and Phemex Hacks Uncovered
The North Korean cybercrime organization, Lazarus Group, is suspected to be behind both the $1.4 billion Bybit hack and the $29 million Phemex hack, according to the latest onchain evidence.
The February 21st Bybit exchange hack led to the largest crypto theft in history, with attackers stealing $1.4 billion worth of liquid-staked Ether, Mantle Staked ETH (mETH), and other ERC-20 tokens.
Blockchain security analysts, including Arkham Intelligence and onchain researcher ZachXBT, have traced the attack to Lazarus Group.
New onchain findings revealed that the same Lazarus Group-affiliated wallets were also behind the $29 million Phemex hack in January.
Lazarus Group Uses Crypto Mixers to Combine Funds from Bybit and Phemex Hacks
In a February 22nd X post, ZachXBT wrote, “Lazarus Group directly linked the Bybit hack to the Phemex hack by commingling funds from both incidents’ initial stolen addresses.”
According to onchain data, $29 million worth of digital assets was drained from Phemex’s hot wallets through over 125 transactions recorded across 11 blockchain networks. The attackers then used crypto mixers like Tornado Cash to convert the funds into Ether, making them harder to trace.
The Bybit hack alone accounted for more than half of the $2.3 billion stolen in crypto-related hacks in 2024, marking a significant setback for the industry.
Cyvers’ Meir Dolev noted the similarities between this attack and the $230 million WazirX hack and the $58 million Radiant Capital hack. Dolev explained that Bybit’s Ethereum multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.
“It seems that Bybit’s ETH multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change,” he said.
Lazarus Group Steals $1.34 Billion Worth of Crypto in 2024
Lazarus Group is known for being behind some of the largest crypto heists. The group is the main suspect in the infamous $600 million Ronin Network hack and the $230 million WazirX exchange hack.
Throughout 2024, North Korean hackers stole $1.34 billion worth of digital assets across 47 incidents. This represents a 102% increase from the $660 million stolen in 2023, accounting for 61% of all crypto stolen in 2024.
The United States, Japan, and South Korea issued a joint warning on January 14th, citing the growing threat of North Korean hackers targeting the crypto industry.
Over the past year, North Korean hackers were also responsible for the $305 million DMM Bitcoin hack, the $50 million Upbit hack, the $50 million Radiant Capital hack, and the $16 million Rain Management hack.
You can freely share your thoughts and comments about the topic in the comment section. Additionally, please don’ t forget to follow us on our Telegram, YouTube and Twitter channels for the latest news.