Bybit Breach Drives $2.17B North Korea Crypto Heist, Nearly $1.5B in ETH
Chainalysis reports North Korea–linked hacking groups stole about $2.17 billion in cryptocurrency in 2025, driven mainly by the February Bybit breach that resulted in nearly $1.5 billion in Ethereum (ETH) being taken — the largest single-asset hack on record. The Lazarus Group is separately tied to a roughly $37 million attack on Upbit, underscoring continued targeting of centralized exchanges. Analysts say state-affiliated actors now represent the majority of service-level thefts for 2025 and have cumulatively stolen billions across years. Chainalysis details laundering patterns used to cash out funds — short, disciplined cycles with sub-$500k transfers, use of Chinese-language payment processors, guarantee services, cross-chain bridges, mixers and exchanges with weak KYC — which complicate recovery and enforcement. The FBI attributed the Bybit theft to DPRK-linked TraderTraitor operators, who moved and converted portions of the funds rapidly. Chainalysis’ Director of National Security Intelligence Andrew Fierman warns sanctions alone are insufficient and urges an industry-wide, coordinated response to disrupt North Korea’s crypto-finance ecosystem. For traders: the report highlights elevated systemic risk from large, state-backed breaches, persistent laundering channels that can keep stolen supply circulating, and continued pressure on exchange security and compliance — factors that can increase volatility especially for assets directly involved (notably ETH).
Bearish
Short-term impact: Bearish for ETH and any directly involved assets. A nearly $1.5B ETH theft increases available illicit supply that attackers may try to sell or swap, pressuring price and increasing volatility, especially as rapid conversions (per FBI findings) can cause sudden sell-side pressure. Market sentiment may turn risk-averse toward centralized exchanges, prompting withdrawals and temporary liquidity contractions that can amplify price moves.
Long-term impact: Mixed-to-bearish. Repeated large, state-linked breaches push exchanges to tighten security and compliance, which is positive for structural integrity but may slow innovation and increase costs. Persistent laundering channels that remain operational could keep some illicit supply circulating, sustaining downside pressure until enforcement and cross-industry coordination reduce exit routes.
Traders should watch on-chain flows from addresses tied to the breach, increases in ETH sell-side activity, exchange orderbook depth, and regulatory responses; these indicators will determine the scale and duration of price impact.