FBI Confirms North Korean Hackers Behind $1.5 Billion Bybit Cryptocurrency Theft
TLDR
FBI accuses North Korean hackers of stealing $1.5 billion in crypto from Dubai-based Bybit exchange
Hack occurred February 21, 2025, during a routine transfer from a cold wallet
“TraderTraitor” and “Lazarus Group” hackers are rapidly converting stolen assets to Bitcoin across thousands of addresses
Bybit CEO Ben Zhou claims exchange remains solvent despite the theft
Approximately $43 million has been recovered, with Bybit offering bounties worth $140 million for help tracking the stolen funds
The FBI has accused North Korean-backed hackers of stealing approximately $1.5 billion worth of Ethereum from Bybit, a Dubai-based cryptocurrency exchange. The theft occurred earlier this month and represents one of the largest cryptocurrency heists ever recorded.
The hackers, identified by U.S. authorities as “TraderTraitor” and the “Lazarus Group,” targeted Bybit during a routine transfer from an offline “cold” wallet. According to security firm SlowMist, the attackers compromised a Safe{Wallet} developer’s machine and injected malicious code.
This allowed the hackers to intercept and modify transaction parameters during the planned transfer. The attackers created a fake interface that mimicked the trusted platform, deceiving users through what experts call a “blind signing type of exploit.”
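An added example (not code from the article, SlowMist, Safe{Wallet} or Bybit): one defensive control against the blind signing described above is to decode the raw payload presented for signature independently of the web interface and compare it field by field with the transfer the operator intended. The `execTransaction` argument layout and the selector `0x6a761202` are assumptions to confirm against the deployed Safe contract's ABI; the function names are hypothetical and the sample payloads are constructed.

```python
# Added example: out-of-band check of a payload before signing.
SELECTOR = bytes.fromhex("6a761202")   # assumed execTransaction selector
HEAD_WORDS = 10                        # ten 32-byte head slots (assumed layout)

def u256(n: int) -> bytes:
    return n.to_bytes(32, "big")

def decode_exec_transaction(calldata: bytes) -> dict:
    """Parse the fields a signer must recognise from the raw bytes."""
    if len(calldata) < 4 + 32 * HEAD_WORDS or calldata[:4] != SELECTOR:
        raise ValueError("not an execTransaction payload")
    args = calldata[4:]
    head = [int.from_bytes(args[32 * i:32 * i + 32], "big")
            for i in range(HEAD_WORDS)]
    if head[0] >> 160:
        raise ValueError("address word has non-zero padding")
    off = head[2]                      # offset of the dynamic `data` argument
    if off + 32 > len(args):
        raise ValueError("data offset out of range")
    size = int.from_bytes(args[off:off + 32], "big")
    if off + 32 + size > len(args):
        raise ValueError("data length out of range")
    return {"to": "0x" + args[12:32].hex(), "value": head[1],
            "data": args[off + 32:off + 32 + size], "operation": head[3]}

def mismatches(intended: dict, calldata: bytes) -> list:
    """Names of fields where the payload differs from the intended transfer."""
    actual = decode_exec_transaction(calldata)
    return sorted(k for k in intended if intended[k] != actual[k])

def encode_sample(to, value, data, operation) -> bytes:
    """Build a constructed payload for the demo (gas fields and signatures empty)."""
    tail = u256(len(data)) + data + b"\x00" * (-len(data) % 32)
    head = [u256(int(to, 16)), u256(value), u256(320), u256(operation)]
    head += [u256(0)] * 5 + [u256(320 + len(tail))]
    return SELECTOR + b"".join(head) + tail + u256(0)

# Constructed sample: the transfer the operator believes is being signed.
INTENDED = {"to": "0x" + "11" * 20, "value": 10**18, "data": b"", "operation": 0}
HONEST = encode_sample(**INTENDED)
# Constructed sample: same screen, different bytes underneath.
TAMPERED = encode_sample("0x" + "22" * 20, 0, b"\xde\xad", 1)

if __name__ == "__main__":
    print("honest payload mismatches:  ", mismatches(INTENDED, HONEST))
    print("tampered payload mismatches:", mismatches(INTENDED, TAMPERED))
```

The check is only useful when it runs on a machine and code path separate from the interface that built the transaction, so that a compromised front end cannot also alter the comparison.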
The FBI issued a public service announcement on Wednesday, February 26, confirming North Korean involvement in the theft. Federal authorities have warned that the stolen cryptocurrency is being rapidly laundered.
North Korea Responsible for $1.5 Billion Bybit Hack: FBI
“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets,” the FBI stated. These assets have been dispersed across thousands of addresses on multiple blockchains.
The FBI expects the funds will undergo further laundering before being converted to traditional currency. They have released a list of 48 Ethereum addresses connected to North Korean actors and are urging crypto firms to block transactions with these addresses.
Bybit co-founder and CEO Ben Zhou has addressed the situation on social media. He shared a link to a website offering $140 million in bounties for tracking the stolen crypto and getting it frozen by other exchanges.
Despite the massive theft, Zhou assured users that the exchange remains financially stable. “Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss,” Zhou stated on X (formerly Twitter).
Recovery efforts have shown some limited success so far. Blockchain analytics firm Elliptic revealed that security experts have retrieved approximately $43 million of the stolen assets. An additional $243,000 has been seized from accounts associated with the hackers.
The blockchain analytics firm Certik has described the theft as “the largest breach” in the history of blockchain transactions. The incident has caused overall crypto prices to drop in recent days as investors have been spooked by the hack.
Bitcoin traded at over $82,000 a coin on Thursday, down from a high of over $100,000 a month ago. This price drop comes despite the cryptocurrency industry getting a boost from the recent election of U.S. President Donald Trump.
North Korea Hacks
North Korea has been linked to numerous cryptocurrency thefts in recent years. According to South Korea’s spy agency, North Korea has stolen an estimated $1.2 billion in cryptocurrency and other virtual assets in the past five years.
These thefts provide a rare source of badly needed foreign currency for North Korea’s economy. A U.N. experts panel said it was investigating 58 suspected cyberattacks by North Korea between 2017 and 2023 that saw some $3 billion stolen.
The stolen funds reportedly help finance North Korea’s development of weapons of mass destruction. The country faces intense U.N. sanctions and economic challenges stemming from strict border closures during the COVID-19 pandemic.
North Korean state media has not acknowledged either the theft or the FBI accusation. Pyongyang’s mission to the United Nations in Geneva did not respond to requests for comment from The Associated Press.
Safe{Wallet}, whose infrastructure was exploited in the hack, released a statement acknowledging the breach. “The forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeted the Bybit Safe was achieved through a compromised machine of a Safe{Wallet} developer,” the company stated.
The FBI’s confirmation follows initial analysis by blockchain data platform Arkham Intelligence, which linked the hack to the Lazarus Group. The connection was made using on-chain data that tied the activity to previous attacks linked to the group.
The post FBI Confirms North Korean Hackers Behind $1.5 Billion Bybit Cryptocurrency Theft appeared first on CoinCentral.
Filed under: News - @ February 27, 2025 12:23 pm