Hackers linked to North Korea appear to have reduced their activities during the latter half of 2024 as they prepared for what would turn out to be the biggest cryptocurrency hack in history.
The crypto sector was shaken by the massive breach on February 21, when Bybit lost more than $1.4 billion to the notorious Lazarus Group from North Korea, which seemingly orchestrated the attack months in advance.
According to blockchain analytics experts, illegal operations associated with North Korean cyber groups saw a significant drop after July 1, 2024, even though there had been an increase in attacks earlier in the same year.
The decrease in crypto-related hacks by North Korean operatives raised alarms, as noted by a leading researcher in cybercrimes.
North Korean hacking activity before and after July 1.
The observed slowdown started around the time of a summit between Russia and North Korea, which led to a reallocation of North Korean resources, including military personnel toward the conflict in Ukraine. This insight was shared during a recent discussion, where it was mentioned:
“We speculated in the report that there might have been additional unseen factors related to resource reallocation from North Korea, leading up to the Bybit hack in early February.”
“This slowdown might have been a strategic regrouping to identify new targets, test infrastructure, or it could be linked to those geopolitical developments,” he added.
Related: A major whale still holds 10% of a memecoin after a $6.2 million exploit
The Lazarus Group managed to launder the entirety of the stolen Bybit funds through the decentralized cross-chain protocol THORChain in just ten days, as previously reported.
Nevertheless, blockchain security experts express hope that some of the funds could potentially be frozen and retrieved by Bybit. As of March 20, over 80% of the pilfered $1.4 billion remained traceable, allowing investigators to continue efforts to freeze and recover the stolen assets.
Related: A platform faces scrutiny over a $7 million bet on a Ukraine mineral deal
How the largest crypto hack was executed
The attack on Bybit serves as a reminder that even centralized exchanges with robust security systems are not immune to sophisticated cyberattacks, as analysts point out.
The breach bears resemblance to other significant hacks, such as the $230 million breach at WazirX and the $58 million hack of Radiant Capital, according to a tech expert.
He explained that a deceptive transaction compromised the Ethereum multisig cold wallet, tricking the signers into unknowingly approving a harmful change in smart contract logic.
“This enabled the hacker to take over the cold wallet and transfer all ETH to an unidentified address,” he stated.
North Korea hacking activity.
In total, North Korean hackers stole over $1.34 billion worth of digital assets from 47 incidents throughout 2024, reflecting a 102% increase compared to the $660 million taken in 2023. This theft constituted 61% of the total cryptocurrency stolen that year.
Magazine: Memecoins are fading — But Solana is ‘100 times better’ despite a revenue drop