Arkham Intelligence linked North Korea’s Lazarus Group to the $1.4 billion Bybit hack using on-chain forensics.
Crypto sleuth ZachXBT cracked the case, tracing test transactions and wallet activity back to the attackers.
Lazarus has a long history of major crypto heists, with stolen funds allegedly fueling North Korea’s economy.
Blockchain intel firm Arkham Intelligence has linked North Korea’s Lazarus hacking group to the $1.4 billion Bybit exploit that sent shockwaves through the crypto market last Friday.
The connection? On-chain forensics.
JUST IN: 🇰🇵 ZachXBT confirms the $1.4 billion Bybit hackers are North Korea's Lazarus Group 👀 pic.twitter.com/HRSvAOsDfW
Using wallet activity, test transactions, and previous exploit patterns, pseudonymous crypto sleuth ZachXBT traced the attack back to Lazarus, the same group responsible for multiple high-profile hacks in recent years.
How the Hack Was Traced
Arkham launched a bounty worth nearly $30,000 in ARKM tokens, calling on the crypto community to uncover the attackers. ZachXBT cracked the case, submitting:
Detailed transaction history linking Lazarus to the exploit.
Forensic graphs mapping test wallets and transfers.
Timing analysis matching Lazarus’ past attack patterns.
“His submission included a detailed analysis of test transactions and connected wallets used ahead of the exploit,” Arkham posted on X.
North Korea’s Ongoing Crypto War
Lazarus isn’t new to this game—they’ve been behind some of the biggest crypto heists in history, funneling stolen funds into North Korea’s economy and military operations.
With Bybit now officially added to their list of victims, questions loom:
Will Bybit be able to recover any funds?
Is the crypto industry prepared for more Lazarus attacks?
How will regulators respond to an attack of this scale?
For now, $1.4 billion is gone, markets are rattled, and the world is once again reminded—crypto is still a battleground.
