Bybit Declares War on “Notorious” Lazarus Group After $1.4B Hack, Offers $140m Reward

Bybit, a main exchange of crypto, told a war “notorious” Lazare, a group of pirates made up of an unknown number of people, led by the government of North Korea.

This happens after the Crypto exchange experienced a security violation resulting in unauthorized transfer of more than $ 1.4 billion of liquid ether (ETH) and Megaeth (METH). The exchange reported unauthorized access to one of its cold Ethereum portfolios on February 21, 2025.

Following hacking, blockchain security companies, including Arkham Intelligence, identified the Lazarus group of North Korea as the probable culprit behind the hack. This prompted Bebit to declare war on the group, offering a bonus award of $ 140 million.

Announcing this decision, the CEO of Bybt, Ben Zhou, announced on X the launch of the first premium site which shows total transparency on the money laundering activities of the group sanctioned Lazarus nicknamed lazarusboundy.com.

He wrote,

“Join us for the war against Lazarus. Prime site first of the industry which shows an aggregated total transparency on the sanctioned activities of money laundering in Lazarus. V1 includes:

– Become a premium hunter by connecting your wallet and helping the background tracing, when your submitted premium leads to the frost, the premium is paid in advance to freezing.

-All the freezer obtains 5% of premiums, exchanges, mixers and everything.

– Live classification of the good and bad actor and their response time to deal with the sanctioned transactions of the Lazare group. You do not want to be on the list of bad players, it is a recording to help you facilitate sanctioned transactions.

– Address update of the live portfolio for exchange, analysis chain ”.

Zhou added that the exchange has attributed to a team dedicated to the maintenance and update of the website, declaring that hunting will not stop until the Lazarus group or the bad players in the industry are not eliminated.

Several X users have congratulated the initiative with others expressing the desire to provide the information necessary to ensure that the authors of hacking is exposed.

Here are some reactions;

@tallmetommy wrote,

“It changes the game for industry. Transparency, responsibility and acting in real time finally, a system of bonuses that encourages cleaning of space while exerting pressure on bad players. »»

@Henlomeme wrote,

“Unity wins!” The entire web3 FAM is strong with the balance sheet to eliminate Lazarus and all the bad actors. Let us keep our space clean, decentralized and just for everyone. »»

@dcryptodragons wrote,

“Now has become interesting. We will attend the first live hunting of thieves where people around the world will participate in catching them ”.

@HivForever wrote,

“Just when you thought Cyber ​​Warfare couldn’t get wilder. A “war” on Lazarus, huh? I love the way the first premium site in this industry is all about transparency and responsibility. It’s like the crypto community finally saying: “Hey, we are not only a bunch of rebels – we are team players!” And this 5% reduction for freezers? It is a creative incentive right there. But seriously, I can’t help but wonder what type of resources will be necessary to eliminate these bad actors. Anyone have ideas or expertise that he would like to share? »»

@Derichio wrote,

“Delighted to see the transparency on your side @benbybit I and by involving the cryptographic community, you have for sure a great chance to succeed! It’s time to send a clear message: even if you manage to fly tokens, you will not be able to use them. It should be deployed!

$ 1.4 billion dollars piracy

Bybit, announced on Friday that a hacking attack linked to a cold portfolio caused a loss of 401,346 Ethereum ($ 1.4 billion). The director general and co-founder Ben Zhou announced on X that the flight was bound only to Ethereum Cold Wallet, “The hot wallet and all the other cold wallets are good.”

Bybit immediately sought to reassure his clients that their assets in cryptocurrency were sure, while his director general declared on social networks by Bybit would reimburse all those affected, even if the hacked currency had not returned.

“Bybit is a solvent even if this loss of hacking is not recovered, all customer assets are supported from 1 to 1, we can cover the loss”, Ben Zhou, co-founder and chief executive officer of Bybit.

He added that the company held $ 20 billion in customer assets and would be able to cover the not recovered funds itself or through partner loans. Bybit, which has more than 60 million users worldwide and is the second exchange of cryptocurrency in the world in terms of negotiation volume, said that the news of the hack had led to an increase in withdrawal requests.

In a positive development, the exchange revealed that it had recovered its $ 1.46 billion stolen, thanks to a combination of loans, whales and purchases of Ethereum (ETH), according to Lookonchain data.

On Monday 24,2025, the CEO of Bybit, Ben Zhou, announced on X that Bybit already had Completely closed ETH space, noting that a new audited POR report will be published Very soon to show that the exchange of crypto is back at 100% 1: 1 on the customer Active through the Merkle tree.

Notorious Lazare Group

The Lazare group is a notorious cybercrime organization widely supported by the North Korean government. Active since at least 2009, they are known to carry out sophisticated cyber attacks targeting a variety of sectors, including financial institutions, cryptocurrency platforms and critical infrastructure worldwide. Experts connects them to the General Recognition Office of North Korea, a key intelligence agency, suggesting that their operations serve financial and geopolitical objectives, such as regime financing and information collection.

They first drew attention with attacks like “Operation Troy” (2009-2012), a cyber-spying campaign using basic service of service against South Korea. Over time, their methods have evolved considerably. The very publicized incidents include the Sony Pictures 2014 hack, which exhibited sensitive data in retaliation for a film making fun of the leader of North Korea, and the Bangladesh Bank Heist 2016, where they stole $ 81 million thanks to fraudulent swift transactions. They are also linked to the 2017 Wannacry Ransomware attack, which disrupted systems worldwide using an NSA feat.

The group’s goal has moved to cryptocurrency in recent years, reflecting the need for North Korea in foreign currency under sanctions. Notable crypto crampons include the Hack Axie Infinity Axie of $ 625 million in 2022 and an Ethereum off -fee of $ 1.46 billion by Bybit in 2025, presenting their growing expertise in the exploitation of digital finances. They often use social engineering – like false job offers or phishing emails – and personalized malware to infiltrate systems, adaptation tactics to escape detection.

Although their exact membership is unknown, estimates suggest that sub-groups like Bluenoroff, with around 1,700 members, specialize in financial crimes, and their total network could involve thousands of agents. Despite their sophistication, occasional operational slippages, such as infrastructure exhibition in 2023, reveal that they are not infallible. Their persistence and adaptability make it one of the most important cyberrencies today, the losses assigned to them exceeding $ 2 billion per certain accounts.

Move forward

Crypto space, with its billions The assets kept has become a main target for attackers increasingly creative and more resources. Bybit’s hacking, which occurred on February 21, 2025, is a brutal reminder of the vulnerabilities that persist in the cryptocurrency space, even among the main exchanges.

Sophistication of recent attacks, such as advanced pleashing draw, social engineering, And handling the user interface highlights the urgent need for equally sophisticated safety measures to protect digital assets.