Last week’s $1.46 billion Ethereum theft by North Korean-linked Lazarus Group has sent shockwaves through the cybercrime ecosystem, as it has not only joined the ranks of the largest known financial thefts in history but also demonstrated that the group’s skillset is presenting new challenges for defenders. In the wake of the theft, numerous experts told CyberScoop that the group’s unprecedented speed and scale in laundering the stolen funds demonstrate its increased capability to conduct such brazen attacks.

“What sets this hack apart is the extraordinary pace of post-hack laundering,” Ari Redbord, global head of policy at TRM Labs, said in an email.

Within two days of the attack, the North Korean threat group funneled $160 million through illicit channels, “an amount that would have been unimaginable to move this quickly just a year ago,” Redbord said. “This shift raises alarming questions about whether North Korea’s laundering capacity has expanded. Criminal financial networks have never moved this quickly to process funds.”

The Bybit attack was attributed to Lazarus Group by multiple blockchain analytics firms tracking crypto crime. North Korea’s government created the notorious collective of malicious hackers as early as 2007, according to the U.S. government.

TRM Labs determined the initial funding for the attacker’s contract came from a known North Korean wallet and linked laundering patterns to previous North Korea state-sponsored attacks. “Funds stolen from Bybit are being commingled with funds from multiple Democratic People’s Republic of Korea-attributed thefts,” Tom Robinson, co-founder and chief scientist at Elliptic, said in an email.

Lazarus Group’s hastened laundering of stolen Ethereum tokens marks a dangerous evolution in how nation-state attackers exploit financial systems, signaling an urgent need for stronger cross-border cooperation, enhanced blockchain monitoring and stricter anti-money laundering enforcement, Redbord said.
Crypto crime analysts, law enforcement and national security agencies have surged support for Bybit in the wake of the attack in a bid to freeze or seize the stolen funds. More than $40 million of the stolen funds were frozen within a day, according to Redbord. As of Monday, Elliptic said it had facilitated the freezing of $243,000 in stolen assets.

Yet Lazarus Group’s illicit haul is enormous, exceeding the total amount North Korea-affiliated attackers stole from crypto platforms in all of 2024. Chainalysis attributed $1.34 billion in cryptocurrency theft to North Korea state-backed groups, representing 61% of the total amount stolen by all attackers last year.

The worth of Lazarus Group’s stolen funds also exceeds the worth of Ethereum holdings belonging to the Ethereum Foundation, a nonprofit organization that supports the Ethereum ecosystem. The Ethereum Foundation’s cryptocurrency holdings, 99.5% of which were held in Ethereum, amounted to $788.7 million as of Oct. 31, according to the organization’s annual report.

North Korea-linked attackers have stolen more than $6 billion in cryptocurrency since 2017, according to Elliptic.

Ben Zhou, Bybit’s co-founder and CEO, called for a “war against Lazarus,” announcing a bounty site Tuesday designed to trace the stolen funds and eventually assist other victims of Lazarus.

Two hours after the attack Friday, Zhou held a livestream for Bybit clients, explaining how the hack occurred during a cold wallet transfer, a transaction the cryptocurrency exchange typically does every two to three weeks. “When we saw the transaction it was business as usual,” Zhou said on the livestream. “I was the last signer of this transaction. When this transaction came, it was a normal URL.”

Zhou said he clicked on the link but didn’t fully check the destination address obscured by code, a common issue with Ethereum cold wallet transfers.
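The failure mode Zhou describes is a signer approving a transaction whose true destination is buried in calldata rather than shown plainly by the interface. The following is an added example, not code from the article or from Bybit, of the independent pre-signing check a signer can run: it decodes the raw calldata of a pending request and compares the effective recipient of funds against a pre-approved allowlist, refusing anything it cannot decode. The token contract, wallet addresses and amounts are constructed placeholders, not values from the incident.

```python
# Added example (not from the article or from Bybit): a signer-side check that
# decodes an Ethereum transaction's calldata and verifies the real destination
# of funds against an allowlist, rather than trusting the displayed "to" field.
# All addresses, amounts and calldata below are constructed placeholders.

ERC20_TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # keccak256("transfer(address,uint256)")[:4]


def _normalize(address: str) -> str:
    """Lower-case a 0x-prefixed 20-byte hex address so comparisons ignore checksum casing."""
    addr = address.lower()
    if not (addr.startswith("0x") and len(addr) == 42):
        raise ValueError(f"not a 20-byte hex address: {address}")
    int(addr[2:], 16)  # raises ValueError on any non-hex character
    return addr


def encode_erc20_transfer(recipient: str, amount: int) -> str:
    """Build transfer(address,uint256) calldata: 4-byte selector + two 32-byte ABI words."""
    to_word = bytes.fromhex(_normalize(recipient)[2:]).rjust(32, b"\x00")
    amount_word = amount.to_bytes(32, "big")
    return "0x" + (ERC20_TRANSFER_SELECTOR + to_word + amount_word).hex()


def decode_erc20_transfer(calldata: str):
    """Return (recipient, amount) for transfer(address,uint256) calldata, or None for anything else."""
    data = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    if len(data) != 68 or data[:4] != ERC20_TRANSFER_SELECTOR:
        return None
    # An ABI-encoded address sits in the low 20 bytes of its 32-byte word; the top 12 must be zero.
    if any(data[4:16]):
        return None
    recipient = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    return recipient, amount


def check_before_signing(tx: dict, allowlist: set) -> dict:
    """
    Decide whether a transaction request may be signed.

    tx carries the fields a wallet shows: "to" (account or contract called),
    "value" (wei) and "data" (hex calldata). The verdict names the effective
    destination of funds, which for a token transfer lives inside the calldata,
    not in the "to" field the interface displays.
    """
    allowed = {_normalize(a) for a in allowlist}
    to = _normalize(tx["to"])
    data = tx.get("data", "0x")
    value = int(tx.get("value", 0))

    if data in ("", "0x"):
        # Plain ETH transfer: the displayed "to" really is the recipient.
        return {"kind": "eth_transfer", "destination": to, "amount": value, "ok": to in allowed}

    decoded = decode_erc20_transfer(data)
    if decoded is None:
        # Unrecognised function: the signer cannot see where funds go, so refuse.
        return {"kind": "unknown_call", "destination": None, "amount": None, "ok": False}

    recipient, amount = decoded
    return {"kind": "erc20_transfer", "token_contract": to, "destination": recipient,
            "amount": amount, "ok": recipient in allowed}


# Constructed sample: a single approved destination, a placeholder token contract
# and a placeholder diversion address (none of these are real or from the incident).
APPROVED = {"0x1111111111111111111111111111111111111111"}
TOKEN = "0x2222222222222222222222222222222222222222"
DIVERTED = "0x3333333333333333333333333333333333333333"

# Both requests show the same "to" (the token contract) in a wallet UI; only the calldata differs.
LEGIT_TX = {"to": TOKEN, "value": 0, "data": encode_erc20_transfer(next(iter(APPROVED)), 10**18)}
DIVERTED_TX = {"to": TOKEN, "value": 0, "data": encode_erc20_transfer(DIVERTED, 10**18)}

if __name__ == "__main__":
    for name, tx in (("legit", LEGIT_TX), ("diverted", DIVERTED_TX)):
        print(name, check_before_signing(tx, APPROVED))
```

The design choice worth noting is the default-deny branch: any selector the checker cannot decode is rejected outright, because a signer who cannot name the recipient has no basis for approving the transfer. Only `transfer(address,uint256)` is decoded here; a real deployment would add the other call shapes the organisation actually uses and keep everything else refused.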
“After I signed it, 30 minutes later then we got the emergency call that our cold Ethereum wallet is drained,” Zhou said.

Bybit experienced a hundred-fold increase in withdrawals shortly after news of the attack surfaced, but Zhou assured clients that Bybit’s treasury can cover the stolen funds and said no other balances were compromised. Zhou placed the total amount of stolen cryptocurrency at 401,000 Ethereum tokens.

“This incident has left the incident more aware than ever before that we need to harden our cyber defenses,” Redbord said. “Crypto projects can protect themselves from hacks and exploits by implementing a multi-layered defense strategy, such as regular security audits, robust encryption, multi-signature wallets, and secure coding practices.”

The post Crypto analysts stunned by Lazarus Group’s capabilities in $1.46B Bybit theft appeared first on CyberScoop.