Bybit, a Dubai-based crypto exchange, has been linked to roughly $2 billion in illicit financial flows connected to Iran. Investigators traced the movement of funds stolen by North Korean state-sponsored hackers through the platform.
On February 21, 2025, hackers from North Korea’s Lazarus Group stole $1.5 billion in ether from Bybit-the largest single crypto exchange heist ever recorded. The FBI and blockchain analytics firm Chainalysis attributed the attack to the Lazarus Group.
The hackers converted a significant portion of the stolen ether into Tether (USDT), a dollar-pegged stablecoin, to facilitate transfers and evade freezing. Chainalysis identified approximately $500 million in USDT flows tied to the hack proceeds.
Iran, cut off from conventional finance by US sanctions, accessed these laundered funds, using Bybit’s infrastructure despite the exchange’s official prohibition on serving Iranian customers. The broader crypto theft landscape in 2025 was severe, with total thefts reaching $3.4 billion. In June 2025, Iran’s largest domestic crypto exchange, Nobitex, was itself hit by a cyberattack that caused roughly $90 million in losses.