The Lazarus Group's 2024 pause has been attributed to a strategic repositioning of resources ahead of what would become the largest cryptocurrency hack in history: the Bybit attack. The lull in cyberattacks by North Korea-affiliated hackers during late 2024 may have been a calculated move to reallocate resources and prepare for that heist.

Throughout 2024, North Korean hackers stole over $1.34 billion worth of digital assets across 47 incidents, a 102% increase from the $660 million stolen in 2023, according to Chainalysis data. This accounted for 61% of the total crypto stolen in 2024. The Lazarus Group, an infamous North Korea-affiliated hacking group, seemed to have prepared the attack months in advance.

The crypto industry was rocked by the enormous hack on February 21 when Bybit lost over $1.4 billion to the notorious Lazarus Group. The attack highlighted that even centralized exchanges with strong security measures remain vulnerable to sophisticated cyberattacks, analysts said. According to blockchain analytics firm Chainalysis, illicit activity tied to North Korean cyber actors sharply declined after July 1, 2024.

According to Eric Jardine, Chainalysis cybercrimes research lead, the slowdown in crypto hacks by North Korean agents had raised significant red flags. "North Korea's slowdown started when Russia and DPRK [North Korea] met for their summit that led to a reallocation of North Korean resources, including military personnel to the war in Ukraine," Jardine told Cointelegraph during the Chainreaction show on March 26.

The Lazarus Group took just 10 days to launder 100% of the stolen Bybit funds through the decentralized crosschain protocol THORChain, Cointelegraph reported on March 4. Still, blockchain security experts were hopeful that a portion of the funds could be frozen and recovered by Bybit.

As of March 20, over 80% of the stolen $1.4 billion was still traceable as blockchain investigators continued their efforts to freeze and recover the funds.

The Bybit attack shares similarities with the $230 million WazirX hack and the $58 million Radiant Capital hack, according to Meir Dolev, co-founder and chief technical officer at Cyvers. The Ethereum multisig cold wallet was compromised through a deceptive transaction that tricked signers into unknowingly approving a malicious smart contract logic change.

North Korea's pause in cyberattacks during late 2024 may have been a calculated move to reallocate resources and prepare for the Bybit attack. The attack highlights that even centralized exchanges with strong security measures remain vulnerable to sophisticated cyberattacks, analysts said. As blockchain security experts continue their efforts to freeze and recover the funds, the crypto industry must take note of the lessons learned from this record-breaking hack.