North Korea’s Lazarus Group Officially Behind $1.4B Bybit Hack
February 27, 2025 at 1:47 PM by The Block Whisperer
Lazarus Group steals $1.4B in crypto from Bybit via sophisticated phishing attack. North Korean hackers laundering funds across chains while exchange vows revenge and recovery.
North Korea's elite Lazarus Group is officially confirmed as being behind the biggest crypto robbery in history.
Bybit's cold wallet signers were caught completely off guard by a sophisticated phishing campaign.
$1.4 billion in ETH vanished in seconds – a grand total of 401,000 ETH is now sitting in wallets controlled by entities affiliated with one of the most sanctioned jurisdictions on the planet.
These hackers are mixing funds like pros, having so far split the loot across more than 11,000 different wallets.
ETH is getting swapped for BTC and DAI through every no-KYC protocol on the market.
The digital money trail gets colder by the hour as funds bounce between chains and services, making it increasingly difficult to track what’s happening to the entirety of the funds.
Ben Zhou isn't rolling over – he has declared war on the Lazarus Group and claims that he’ll claw back every single ETH that they made off with.
The "Lazarus Bounty" platform is now live, putting a price on any intel that helps track these funds.
Serious rewards are on the table for anyone who can help recover even a fraction of the stolen ETH.
"We will not stop until Lazarus or bad actors in the industry are eliminated," Zhou said, clearly in full vengeance mode.
Elliptic dropped a free data feed tracking North Korean-linked addresses within hours of the hack, showing robust support from the wider Web3 community.
Their system already flagged over 11,000 suspicious wallets connected to the stolen funds.
ZeroShadow got called in to do what they do best – follow the on-chain breadcrumbs and ensure nothing slips through the cracks.
About $40 million has been frozen so far – barely 3% of what was taken, but better than nothing.
Even multisig cold wallets aren't bulletproof when hackers can social engineer their way in – it’s the human component that ultimately makes this exploit so dubious.
It looks, feels, and acts just like any normal day in the market, but the reality is that once you press confirm, it’s bye bye assets.
They didn't crack any code – they just tricked humans into running malicious contracts.
Every exchange is now panic-reviewing their security protocols, because when $1.4B can walk out the door through a phishing scam, there’s good reason to feel a bit paranoid.
North Korea basically treats crypto hacking as a national industry to fund their weapons program.
We’re expecting regulators to use this as ammo for more crypto oversight as this hack proves again that crypto security fails at the human level, not the code level.
It seems the nuclear arms race for crypto security has officially begun.
© 2025 Asvoria. All rights reserved.