Crypto Heist EXPOSED: North Korea’s Shocking CEX Attacks Uncovered!

In a report published on 25th Feb 2025, cyber security firm SlowMist shared their insight on how the notorious Lazarus group attacked the centralized cryptocurrency exchange. 

The investigation has revealed the sophisticated hacking technique used signaling the rise of cyber security threats in the crypto industry. 

The Lazarus group alleged to be run by the North Korean government has been responsible for multiple large-scale crypto heists in recent years. 

The most recent of their work is the 400,000 Ethereum coin heist on 21st Feb 2025. The total evaluation is almost $1.5 billion that was stolen from Bybit. Ranking based on the heist evaluation, it ranks among the most significant digital robberies in cryptocurrency history. 

Hackers used sophisticated techniques to launder the Ethereum coins using the vulnerability during routine transactions. 

Throughout 2024, North Korea has carried out 47 cyber heists which is estimated to be $1.3 billion. This alone sums up to two-thirds of the total cryptocurrency fraud in the year 2024. 

While there is much speculation as to where these stolen tokens are used, many experts believe that the money laundered is used in North Korea’s missile and nuclear program. 

In their report, SlowMist highlights the fact that Lazarus has redefined their tactics to aggressively target the minor vulnerabilities in the centralized exchange. 

The popular practices used by the Lazarus group are as follows: 

• Software Exploitation. 

• Spear-phishing campaign. 

• Deep infiltration of the popular Crypto exchange platforms. 

The reason why it is difficult to find them is that the hackers pose themselves to be developers, hire employees for debugging work, and use false credentials to infiltrate the systems. 

Once they get access to the system and are inside it, they deploy advanced malware allowing them to have access while stealing sensitive data. 

And once they’re done with stealing, they cover their tracks using crypto tumblers and cross-chain swaps to evade detections. 

Despite the scale of attacks, there have been many successful countermeasures. SlowMist alone has recorded 16 instances where the victims have managed to recover their stolen crypto, totaling $113 million. 

Since the launch of SlowMist in 2018, it has remained the vanguard for blockchain security, working together with other cybersecurity to safeguard the industry from such threats. 

After the 21st February incident, a new bounty program has been launched targeting the Lazarus group.