ROME — The FBI has accused North Korean-linked hackers of executing one of the largest cryptocurrency thefts on record, stealing approximately $1.5 billion worth of ethereum from Bybit, a Dubai-based crypto exchange. This breach, which occurred earlier this month, is attributed to a hacking group identified by the U.S. government as TraderTraitor and the Lazarus Group. These hackers reportedly infiltrate systems by distributing cryptocurrency trading applications modified with malware designed to facilitate theft.
In a public service announcement issued late Wednesday, the FBI stated its belief that North Korean-backed hackers were behind the theft. The agency noted that the stolen assets have been partially converted into Bitcoin and other virtual currencies, dispersed across thousands of addresses on multiple blockchains. The FBI anticipates these assets will be further laundered and eventually converted into fiat currency.
North Korean state media has not commented on the theft or the FBI’s accusations. Similarly, Pyongyang’s mission to the United Nations in Geneva has not responded to requests for comment. According to South Korea’s spy agency, North Korea has stolen an estimated $1.2 billion in cryptocurrency and virtual assets over the past five years. This revenue stream is critical for supporting the country’s fragile economy and funding its nuclear program amid stringent U.N. sanctions and border closures during the coronavirus pandemic.
A U.N. panel of experts is investigating 58 suspected cyberattacks by North Korea between 2017 and 2023, with stolen funds totaling approximately $3 billion reportedly used to finance the country’s weapons of mass destruction programs.
Bybit’s co-founder and CEO, Ben Zhou, acknowledged the FBI’s announcement on the social platform X, linking to a website offering $140 million in bounties for tracking and freezing the stolen cryptocurrency. Bybit revealed that a routine transfer of ethereum from an offline wallet was manipulated by an attacker, redirecting the funds to an unknown address. Certik, a blockchain analytics firm, described the incident as the largest breach in the history of blockchain transactions.
— news from ABC News