The FBI has officially attributed last week’s $1.4 billion cryptocurrency theft from Bybit to North Korean hackers, confirming that the attack was carried out under the “TraderTraitor” campaign. In a public notice on Wednesday, the agency revealed that the stolen funds have been converted into Bitcoin and other cryptocurrencies and are now scattered across thousands of blockchain addresses.
The cyberattack, suspected from the start to be the work of the Lazarus Group, has now been directly linked to Kim Jong Un’s regime, which continues to finance its weapons programs through cybercrime. Hackers infiltrated Bybit’s Ethereum cold wallet during a routine transfer operation on February 21, making it the largest publicly disclosed crypto hack in history.
Despite the attack, Bybit CEO Ben Zhou reassured users that the exchange remains financially secure. “Bybit is solvent even if this hack loss is not recovered. All client assets are 1-to-1 backed, and we can cover the loss,” Zhou stated in an X post.
Security firm SlowMist confirmed the attack’s technical details, stating that a compromised developer’s equipment allowed hackers to inject malicious code into the system. Safe{Wallet}, whose infrastructure was exploited in the attack, also confirmed Lazarus Group’s involvement.
By the weekend, approximately $140 million had already been laundered through accounts linked to North Korean operatives, according to blockchain analytics firm Elliptic. However, security experts have recovered about $43 million of the stolen funds, with an additional $243,000 seized from associated accounts.
In response, Bybit has declared “war” on the Lazarus Group, offering a 10% reward for any assistance in recovering the stolen assets. Meanwhile, the FBI is urging crypto exchanges and blockchain firms to block transactions tied to 48 Ethereum addresses linked to the attackers.
Credit: Decrypt (Text Excluding Headline)
