FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist

The FBI has officially linked the $1.4 billion cryptocurrency heist at Bybit to North Korean state-sponsored hackers after security researchers reached the same conclusion.

The agency alleges that the infamous North Korean hacking group Lazarus is behind the hack. Although the FBI didn’t say how it made the determination, other investigators note that stolen Bybit funds have been moving through cryptocurrency wallets tied to other Lazarus hacks. 

The FBI is uring the cryptocurrency industry to freeze any transactions connected to the heist. It warns that hackers “are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. It is expected these assets will be further laundered and eventually converted to fiat currency.”

Officially linking the hack to North Korea also serves as a warning to the cryptocurrency world. That’s because the US previously sanctioned companies and platforms accused of laundering funds for North Korean hackers. The FBI announcement also flags dozens of Ethereum addresses that have been holding the stolen Bybit funds. According to Bybit, so far, only $42 million of the stolen funds have been frozen.

(Credit: Bybit)

The FBI identified the Bybit hackers as “TraderTraitor,” noting the private cybersecurity industry commonly tracks the group as Lazarus or APT38. The group grabbed headlines in 2014 for the Sony Pictures hack, but Lazarus has since become focused on stealing cryptocurrency, likely in an effort to help fund the North Korean government. In January, the US blamed North Korea for stealing at least $659 million in cryptocurrency in 2024.

In Bybit’s case, the hackers pulled off the heist by initially breaching Safe{Wallet}, a provider of secure cryptocurrency wallets, and adding malicious JavaScript code into the software. The same code could secretly modify the cryptocurrency transactions for Bybit’s wallet, giving the hackers a way to redirect the funds and loot them. 

Bybit, a cryptocurrency exchange, has since issued a $140 million bounty to reward companies and investigators who help track down and freeze the stolen funds. Bybit also received emergency loans to make up for the $1.4 billion lost in the hack.