FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist

The FBI has confirmed that North Korean hackers stole $1.5 billion from cryptocurrency exchange Bybit on Friday, the largest crypto heist on record.

The state-sponsored hacking group (tracked as TraderTraitor, Lazarus Group, and APT38) intercepted a scheduled transfer of funds from one of Bybit’s cold wallets into a hot wallet, subsequently redirecting the cryptocurrency to a blockchain address under their control.

“The Federal Bureau of Investigation (FBI) is releasing this PSA to advise the Democratic People’s Republic of Korea (North Korea) was responsible for the theft of approximately $1.5 billion USD in virtual assets from cryptocurrency exchange, Bybit, on or about February 21, 2025,” the FBI said in a Public Service Announcement issued on Wednesday.

“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. It is expected these assets will be further laundered and eventually converted to fiat currency.”

Since the incident, crypto fraud investigator ZachXBT has traced multiple links to the infamous North Korean threat group: the attackers sent some of the stolen Bybit funds to an Ethereum address used in the Phemex, BingX, and Poloniex hacks, all of which were previously attributed to Lazarus Group.

ZachXBT’s findings were confirmed by blockchain analysis firm Elliptic and blockchain intelligence company TRM Labs, which shared more information on the hackers’ attempts to slow down tracing and found “substantial overlaps observed between addresses controlled by the Bybit hackers and those linked to prior North Korean thefts.”

Phemex/BingX/Bybit overlap (ZachXBT)

On Wednesday, Bybit CEO Ben Zhou also shared two preliminary post-mortems of the incident from cybersecurity company Sygnia and finance security firm Verichains, which found that the attack originated from infrastructure operated by multisig wallet platform Safe{Wallet}.

The Safe Ecosystem Foundation confirmed their findings, revealing the attack was conducted by first hacking into a Safe{Wallet} developer machine, which provided the North Korean hackers access to an account operated by Bybit.

“The forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeting the Bybit Safe was achieved through a compromised Safe{Wallet} developer machine resulting in the proposal of a disguised malicious transaction,” Safe said.

On Wednesday, the FBI encouraged RPC node operators, exchanges, bridges, DeFi services, blockchain analytics firms, and other cryptocurrency service providers to block transactions originating from addresses used by North Korean hackers to launder the stolen assets.

The U.S. federal law enforcement agency also shared 51 Ethereum addresses, linked to the Lazarus hackers, that held or still hold cryptocurrency stolen from Bybit on Friday.
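The FBI’s request above amounts to address screening: a service provider keeps the published addresses as a seed list and refuses to process transfers that touch them or the addresses they have since paid into. The script below is an added example of that screening logic, written for this article and not taken from the FBI PSA, Bybit, or any analytics vendor. The seed set and the transfer log are constructed placeholders (the real 51 addresses are not reproduced here), and the one-hop/two-hop taint rule is a deliberately simple policy chosen for illustration.

```python
from collections import defaultdict, deque

HEX_DIGITS = set("0123456789abcdef")

# Constructed placeholder seed set; NOT the 51 addresses published in the FBI PSA.
FLAGGED_ADDRESSES = {"0x" + "11" * 20}

# Constructed sample transfer log as (sender, recipient) pairs, oldest first.
# The second entry spells the same account with mixed case (EIP-55 style) on
# purpose, to show that screening must compare canonical forms, not raw strings.
SAMPLE_TRANSFERS = [
    ("0x" + "11" * 20, "0x" + "aa" * 20),   # flagged seed -> B
    ("0x" + "Aa" * 20, "0x" + "33" * 20),   # B (mixed case) -> C
    ("0x" + "33" * 20, "0x" + "44" * 20),   # C -> D
    ("0x" + "55" * 20, "0x" + "aa" * 20),   # clean E -> B (taint flows forward only)
]


def normalize_address(addr: str) -> str:
    """Canonicalise an Ethereum address for set membership.

    EIP-55 mixed-case spellings all denote the same account, so compare in
    lowercase; reject anything that is not "0x" + 20 hex bytes so a malformed
    or padded string can never be silently treated as a clean, unknown address.
    """
    a = addr.strip().lower()
    if not a.startswith("0x") or len(a) != 42 or any(c not in HEX_DIGITS for c in a[2:]):
        raise ValueError(f"malformed address: {addr!r}")
    return a


def build_taint_map(transfers, flagged, max_hops=1):
    """Breadth-first search forward along transfers from the flagged seed set.

    Returns {address: hop distance} for every address that received funds
    within max_hops of a seed. Taint is propagated sender -> recipient only:
    paying INTO a tainted address does not taint the payer.
    """
    out_edges = defaultdict(set)
    for sender, recipient in transfers:
        out_edges[normalize_address(sender)].add(normalize_address(recipient))

    distance = {normalize_address(a): 0 for a in flagged}
    queue = deque(distance)
    while queue:
        node = queue.popleft()
        if distance[node] >= max_hops:
            continue
        for nxt in out_edges[node]:
            if nxt not in distance:
                distance[nxt] = distance[node] + 1
                queue.append(nxt)
    return distance


def should_block(sender, recipient, taint):
    """Decide whether a pending transfer may proceed.

    Returns (block, reason). Either party being tainted is enough to block,
    so funds can neither leave a tainted address nor be pushed into one.
    """
    for role, addr in (("sender", sender), ("recipient", recipient)):
        canon = normalize_address(addr)
        if canon in taint:
            return True, f"{role} {canon} is {taint[canon]} hop(s) from a flagged address"
    return False, "no party within the tainted set"


if __name__ == "__main__":
    taint = build_taint_map(SAMPLE_TRANSFERS, FLAGGED_ADDRESSES, max_hops=2)
    for addr, hops in sorted(taint.items(), key=lambda kv: kv[1]):
        print(f"{addr}  hops={hops}")
    print(should_block("0x" + "55" * 20, "0x" + "Aa" * 20, taint))
    print(should_block("0x" + "55" * 20, "0x" + "44" * 20, taint))
```

Two caveats a practitioner should keep in mind. First, naive forward propagation can be weaponised: anyone on the seed list can "dust" arbitrary addresses with tiny transfers and get them blocked, which is why commercial screening weights taint by amount and time rather than by reachability alone. Second, the seed list is only as current as its last refresh; the FBI notes the attackers are moving funds across thousands of addresses, so a list fetched once and never updated decays quickly.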

To put the amount of cryptocurrency stolen in the Bybit crypto heist into perspective, blockchain analysis company Chainalysis said North Korean hackers stole $1.34 billion in 47 crypto heists throughout the entirety of 2024, while Elliptic added last week that they’ve “stolen over $6 billion in crypto assets since 2017, with the proceeds reportedly spent on the country’s ballistic missile program.”
