In a plot twist straight out of a cyberpunk novel, the notorious Lazarus Group—North Korea’s infamous hacking syndicate—has once again left the Web3 world reeling. On-chain sleuth extraordinaire ZachXBT has uncovered damning evidence linking the jaw-dropping $1.4 billion Bybit hack to an earlier $29 million assault on Phemex, revealing a chilling consolidation of stolen funds into a single wallet. This isn’t just another crypto caper; it’s a masterclass in digital subterfuge that’s sending shockwaves through the blockchain universe.
The saga began in January when Phemex, a Singapore-based exchange, fell victim to a $29 million Ether (ETH) heist. Fast forward to February 21, 2025, and Bybit—a titan in the centralized exchange arena—was blindsided by a record-shattering $1.4 billion theft, the largest single crypto hack in history. At first, these incidents seemed like isolated strikes in the relentless barrage of 2024’s crypto exploits. But ZachXBT’s relentless digging has exposed a deeper connection: the Lazarus Group, suspected puppet masters behind both, has funneled their ill-gotten Ether into a shared digital vault.
Picture this: a shadowy crew, backed by a rogue state, orchestrating not one, but two mega-heists with surgical precision. For Bybit, the breach was a nightmare of deception—a malicious smart contract slipped past unsuspecting signers, hijacking their Ethereum multisig cold wallet and siphoning off 401,347 ETH in a flash. Phemex’s earlier wound, though smaller, bore the same ruthless signature. Now, on-chain traces show the spoils converging, with funds from both hacks mingling in a wallet tied to the Lazarus Group’s sprawling empire of crime.
This isn’t their first rodeo. The Lazarus Group has a rap sheet that reads like a Web3 horror story: the $600 million Ronin Network plunder, the $230 million WazirX raid, and now, potentially, over $1.4 billion in 2025 alone. Analysts estimate their 2024 haul at $1.34 billion across 47 hacks—a 102% surge from the year prior. With each strike, they refine their craft, exploiting the very transparency of blockchain to cloak their tracks in a maze of mixers and mules.
For Bybit, the fallout has been brutal but resilient. CEO Ben Zhou has scrambled to reassure users, securing bridge loans and leaning on $390 million in emergency liquidity from allies like Binance and Bitget to patch the gaping $1.4 billion hole. Withdrawals hit a staggering $5.3 billion in the aftermath, yet an independent audit by Hacken confirms Bybit’s reserves still outstrip its liabilities. Meanwhile, the exchange has unleashed a counteroffensive, releasing a blacklisted wallet API and dangling a 10% bounty for white-hat hackers bold enough to claw back the stolen loot.
But the real intrigue lies with ZachXBT, the blockchain detective who cracked this case wide open. His forensic trail—spanning test transactions, wallet overlaps, and meticulous timing—nailed the Lazarus Group as the culprits, earning him a cool $30,000 bounty from Arkham Intelligence. His findings don’t just shine a spotlight on the hacks; they hint at a broader spree, with whispers of ties to Solana memecoin scams and rug pulls on platforms like Pump.fun.
As the dust settles, the Web3 community is left grappling with hard truths. The Lazarus Group’s brazen consolidation of funds underscores a chilling reality: even the mightiest exchanges aren’t immune to nation-state hackers wielding cutting-edge tactics. For Bybit and Phemex, it’s a race to rebuild trust and fortify defenses. For the rest of us, it’s a stark reminder that in the wild west of decentralized finance, the line between innovation and vulnerability is razor-thin—and the next blockbuster heist is always just a transaction away.
