On Feb. 21, 2025, centralized crypto exchange Bybit fell victim to a staggering $1.4 billion cyber hack, with forensic evidence pointing to the mysterious Lazarus Group—a shadowy collective cloaked in aliases such as Hidden Cobra, Nickel Academy, Diamond Sleet, and Whois Team.

Lazarus Group wallets command $919 million according to Arkham.

Long before this massive exploit, the North Korean-linked syndicate had already etched its name in infamy, systematically extracting hundreds of millions from crypto platforms including the Ronin hack, Coinex and DMM exchange infiltrations, and the Harmony Horizon Bridge compromise.

Following the extraction of 499,000 ETH from Bybit—a single-platform heist of staggering proportions—wallets linked to the incident have already redistributed 424,330 ETH. The Lazarus Group, a digital marauder with suspected state ties, currently retains roughly 236,283 ETH (valued at $592.78 million) across wallets tied to the Bybit exploit and prior escapades.

Arkham Intelligence visualization of Lazarus Group’s onchain action.

This trove is supplemented by 3,391 BTC ($319.29 million), $3.11 million in BNB, and $337,370 in BABYDOGE from a 218-trillion-coin pillage. Per Arkham Intelligence data, Lazarus-linked wallets have engaged with Exch.cx, Thorchain, Sky (formerly MakerDAO), Uniswap, Cow Protocol, Maya Protocol, and Bridgers.

Post-Bybit, these wallets have exhibited relentless activity, casually shuffling assets across platforms; Arkham’s metrics confirm the collective’s holdings now eclipse all prior peaks. The technical precision and magnitude of their operations imply resources and orchestration exceeding conventional cybercrime, intimating possible state-aligned backing.

Analysts posit that the group’s dual focus on profit and geopolitical disruption may reflect a hybrid framework—potentially state-condoned rather than state-mandated—blurring traditional attribution models.

Liquidating its $919 million crypto arsenal poses a Herculean task, given forensic blockchain scrutiny and global enforcement vigilance. With 70+ flagged wallets brimming with ETH, BTC, and altcoins, even minor transactions flirt with exposure.

The colossal sums—hundreds of thousands of ETH and thousands in BTC—demand intricate obfuscation via mixers, decentralized exchange (DEX) platforms, or cross-chain bridges. Yet these tools now operate under a microscope, their efficacy dwindling as surveillance tightens.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。