North Korea behind $1.5bn theft of crypto exchange ByBit - FBI

Thursday, February 27, 2025 -The FBI has accused North Korean-linked hackers of conducting one of the largest thefts of cryptocurrency, seizing some $1.5 billion worth of Ethereum from a Dubai-based firm.

The theft earlier this month targeting Bybit, one of the world’s largest crypto exchanges, represents yet another involving a team of hackers identified by the U.S. government by the names TraderTraitor and the Lazarus Group.

The hackers steal cryptocurrency “through the dissemination of cryptocurrency trading applications that were modified to include malware that facilitates theft of cryptocurrency,” the FBI has said.

In an online public service announcement late Wednesday, the FBI said it believed the North Korean-backed hackers were “responsible for the theft.”

“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI said in its announcement. “It is expected these assets will be further laundered and eventually converted to fiat currency.”

North Korean state media has not acknowledged either the theft or the FBI accusation.

However, North Korea has stolen an estimated $1.2 billion in cryptocurrency and other virtual assets in the past five years, according to South Korea’s spy agency.

A U.N. experts panel separately said it was investigating 58 suspected cyberattacks by North Korea between 2017 to 2023 that saw some $3 billion stolen to “reportedly help to fund the country’s development of weapons of mass destruction.”

Bybit co-founder and CEO, Ben Zhou, acknowledged the FBI’s announcement in a post on the social platform X by linking to a website offering $140 million in bounties for tracking the stolen crypto and getting it frozen by other exchanges.

Bybit has said a routine transfer of Ethereum, one of the most popular cryptocurrencies, from a so-called “cold” or offline wallet was “manipulated” by an attacker who transferred the crypto to an unidentified address.

The blockchain analytics firm Certik has described the theft as “the largest breach” in the history of blockchain transactions.