Back to Blog
LegalTech & AI

Binance, Bybit and Digital Coups: How North Koreans Drain Wallets

NakedPact Editorial Committee
Reviewer: Carmelo G.
Comitato Editoriale NakedPact
12 Giugno 2026
6 min read
Binance, Bybit and Digital Coups: How North Koreans Drain Wallets

How do North Koreans drain wallets on Binance and Bybit?

North Koreans exploit vulnerabilities in the security protocols of centralized exchanges like Binance and Bybit to steal cryptocurrencies. Through phishing attacks, malware, and social engineering, they access wallets and transfer funds to addresses controlled by Pyongyang, violating international laws and user privacy.

Imagine waking up to find your Binance wallet empty. It's not a nightmare: it's the reality for thousands of users hit by North Korean hackers. These attacks, often orchestrated by the infamous Lazarus Group, are not just digital thefts: they are real digital coups, aimed at funding Kim Jong-un's regime.

How does it work? Attackers exploit security flaws in exchanges. On Binance, for example, they used spear phishing techniques to steal login credentials. On Bybit, they took advantage of vulnerabilities in smart contracts. Once inside, they transfer funds through a network of anonymous wallets, making tracking nearly impossible.

But it's not just a technical issue. There is a regulatory vacuum that allows these attacks to thrive. Exchanges, despite having due diligence obligations, often fail to stop suspicious transactions in time. Additionally, international laws on exchange liability are still weak.

For users, protection is poor. If your wallet is drained, recovering funds is nearly impossible. Platforms offer refunds only in exceptional cases, and authorities rarely manage to trace the culprits.

An interesting aspect is the comparison with American regulation. In California, the CCPA/CPRA requires companies to immediately notify data breaches and implement stricter security measures. However, compared to the American model, Europe has stricter transparency rules but less effective ones in preventing cryptocurrency thefts. This shows the need for a global approach, with severe penalties for exchanges that do not protect wallets.

Protect your wallet

Is your wallet at risk? Calculate your security level.

Current risk: High

Enable two-factor authentication (2FA) and use a hardware wallet to reduce risk.
The interactive 'wallet-security' widget is designed to educate users about cryptocurrency theft risks. It uses a dark style to grab attention, with a red risk indicator to highlight the threat. The 'Activate protection' button triggers a hidden tip, encouraging users to implement security measures like 2FA or hardware wallets. This gamified approach boosts engagement and awareness.
NakedPact Logo

NakedPact Editorial Committee

Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.

Do you own a website?

Do you own a website?

Want to communicate your data processing transparency to your users? Dynamically use our badge and showcase your platform's compliance.

🛡️ Protect your rights with one click

Don't risk signing abusive clauses. Install the free NakedPact extension for Chrome or Firefox and instantly analyze any contract on the web.

Don't trust, verify.

Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.

Analyze Your Contract Now

Rispettiamo la tua privacy

Usiamo i cookie per migliorare la tua esperienza e personalizzare gli annunci. Scopri di più.

NakedPact Logo

Estensione Chrome

Analizza i contratti e i Termini di Servizio direttamente sul tuo browser con l'estensione NakedPact.