$2B Bybit hack linked to North Korea, Iran involvement unconfirmed

https://www.hollaex.com/blog/bybit-review-pros-cons-fees-more

Investigators have reportedly linked $1.5 billion in hack funds to the Bybit cryptocurrency exchange exploit, with connections drawn to North Korea and Iran. This exploit, which occurred in February 2025, involved the theft of approximately 401,000 ETH and 90,375 stETH from Bybit’s cold wallet infrastructure. The FBI has previously attributed the attack specifically to North Korea’s Lazarus Group, particularly the TraderTraitor subgroup. Despite the original report’s mention of Iran, no credible public sources have confirmed Iran’s involvement in this specific exploit. The revelation could have significant implications for the cryptocurrency market, suggesting heightened concerns over security breaches.

Key Takeaways

The reported connection to Iran is not corroborated by any credible public attribution, which consistently identifies North Korea as the responsible state actor.

The magnitude of the Bybit hack aligns with the upper end of predictions for 2026, suggesting a potential increase in the total crypto hack value for the year.