In a stunning breakthrough, crypto investigator ZachXBT has unraveled the mystery behind the largest cryptocurrency heist in history—a $1.38 billion hack on the Bybit exchange—pinpointing North Korea’s infamous Lazarus Group as the masterminds.
The findings, shared through meticulous blockchain analysis with Bybit’s team, mark a pivotal moment in the fight against cybercrime in the digital asset world, spotlighting both the vulnerabilities of major exchanges and the power of crowdsourced intelligence.
The saga began when Bybit, one of the crypto industry’s leading platforms, suffered a staggering $1.38 billion loss in early 2025, eclipsing all previous records for exchange hacks. ZachXBT, spurred by a 50,000 ARKM token bounty from blockchain analytics firm Arkham, traced the stolen funds through a labyrinth of transactions, ultimately linking them to Lazarus Group.
According to the analysis, the North Korean hackers employed sophisticated techniques to siphon the funds, reinforcing their reputation as a persistent threat to the crypto ecosystem.
The research was revealed in a post by Arkham on X, highlighting ZachXBT’s role in cracking the case.
This breach now tops a grim list of the ten largest crypto exchange hacks to date. Historical heavyweights include Mt. Gox, which lost 647,000 BTC in 2011, and Bitfinex, hit for 120,000 BTC in 2016. More recent incidents like Coincheck’s $532 million loss in 2018 and FTX’s $415 million theft in 2022 pale in comparison to Bybit’s record-breaking figure.
Other notable victims include KuCoin ($280 million in 2020), WazirX ($235 million in 2024), QuadrigaCX ($190 million in 2018), Coinbene ($105 million in 2019), and Phemex ($69 million in 2025). The research underscores a troubling trend: despite advances in security, exchanges remain prime targets for hackers.
Lazarus Group’s involvement adds a chilling layer to the story. Known for high-profile cyberattacks, the group previously orchestrated a $625 million heist on the Ronin Network in 2022 and a $308 million raid on a Japanese crypto firm, according to cybersecurity reports. Their latest exploit against Bybit demonstrates not only their technical prowess but also their unrelenting pursuit of crypto riches, often funneled to fund North Korea’s regime. “The blockchain doesn’t lie,” the analysis notes, emphasizing how ZachXBT’s work exposed the hackers’ digital footprints.
The broader implications are stark. For the crypto industry, the Bybit hack signals an urgent need for stronger defenses as losses mount into the billions. For individual investors, it’s a sobering reminder of the risks tied to centralized exchanges.
Arkham’s bounty program, which rewarded ZachXBT’s efforts, points to a promising shift—leveraging independent investigators to bolster security. The research suggests this model could reshape how the industry combats cyberthreats, turning lone sleuths into key players.
As the dust settles, the Bybit breach raises pressing questions: Will exchanges finally outpace hackers, or is this just the beginning of an even costlier era of crypto crime? With Lazarus Group still at large and the stakes higher than ever, the industry watches closely for what comes next.
