FBI Points to North Korean Hackers in $1.5 Billion Crypto Breach at Bybit

The Federal Bureau of Investigation has implicated North Korean-backed hacking groups in a major cryptocurrency heist involving $1.5 billion in digital assets.

The cyberattack targeted Bybit, a Dubai-based cryptocurrency exchange, making it one of the largest crypto thefts publicly known. This incident has drawn attention to North Korea’s ongoing role in cyber-enabled financial crimes.

FBI Blames North Korean Hackers for $1.5 Billion Crypto Heist

The hackers—identified as TraderTraitor and the Lazarus Group—allegedly deployed malware through modified cryptocurrency trading applications, allowing them to seize Ethereum and convert it into other cryptocurrencies, according to an FBI statement released on Wednesday.

The stolen funds were rapidly transferred to thousands of wallet addresses across multiple blockchains. The FBI suspects these assets will eventually be laundered and converted into fiat currency.

While the North Korean government has not acknowledged the theft, reports from South Korea’s intelligence agencies suggest that North Korea has stolen $1.2 billion in cryptocurrency over the past five years.

The Washington Post reporting this noted:

It represents a rare source of badly needed foreign currency to support its fragile economy and fund its nuclear program in the face of intense U.N. sanctions and North Korea’s strict border closures during the coronavirus pandemic. A UN experts panel separately said it was investigating 58 suspected cyberattacks by North Korea between 2017 to 2023 that saw some $3 billion stolen to “reportedly help to fund the country’s development of weapons of mass destruction.”

Bybit’s Response and Industry Implications

Bybit’s co-founder and CEO, Ben Zhou, addressed the FBI’s accusations by linking to a site offering bounties to track and freeze the stolen assets.

https://t.co/FTHW8gIsT9 https://t.co/SdxPifNHUG

— Ben Zhou (@benbybit) February 27, 2025

The exchange revealed that the attack involved a sophisticated exploit targeting their offline or “cold” wallets, which are generally considered more secure than online storage. According to blockchain analytics firm Certik, this breach ranks as the largest blockchain-related hack to date.

Bybit Incident Technical Analysis

A phishing attack bypassed multi-sig safeguards, tricking signers into approving a malicious contract upgrade. Hackers exploited:
Device compromise (via social engineering)
Blind signing (UI spoofing on Safe{Wallet} + Ledger)

Learn… pic.twitter.com/FwnTDbskcc

— CertiK (@CertiK) February 23, 2025

Blockchain analyst Manuel Villegas explained that the attackers used a “blind signing” exploit. This method involves a fake user interface mimicking the legitimate platform, tricking users into authorizing unauthorized transactions.

The repercussions of this breach have extended beyond Bybit’s ecosystem, triggering a decline in overall cryptocurrency prices. Bitcoin has so far faced significant plunge falling to as low as $82,000 levels on Wednesday.

Industry observers suggest that this incident will increase regulatory scrutiny on cryptocurrency exchanges and their security measures.

Featured image created with DALL-E, Chart from TradingView