The largest crypto exchange hack in history turned out to be more than a theft. It became a blueprint for how sanctioned nations move money in the open.
Bybit, the Dubai-based crypto exchange, has been linked to roughly $2 billion in illicit financial flows connected to Iran, with investigators tracing the movement of funds stolen by North Korean state-sponsored hackers through the platform. The Wall Street Journal reported on the connection, painting a picture of a digital financial underground where Pyongyang’s cybercriminals and Tehran’s sanction-evaders found common cause on the same infrastructure.
How the money moved
On February 21, 2025, hackers linked to North Korea’s Lazarus Group pulled off what is now the largest single crypto exchange hack ever recorded, lifting $1.5 billion worth of ether from Bybit.
The FBI and blockchain analytics firm Chainalysis both attributed the attack to Lazarus, a state-sponsored hacking unit that has spent years turning cybercrime into a revenue stream for the North Korean government.
