FBI confirms North Korea-backed Lazarus hackers cheated Bybit of $1.5 billion
The Federal Bureau of Investigation has confirmed that North Korea is the perpetrator behind the recent $1.5 Billion Bybit exploit.
In a Public Service Announcement made on Feb. 26, the agency attributed that the attack was the result of TraderTraitor a malicious cyber-campaign linked to North Korean threats actors.
TraderTraitor is a group of malware-infested apps that are disguised as price prediction and crypto trading tools.
These applications were built using JavaScript cross-platform and the Electron Framework, which are derived from different open-source projects. Cybercriminals behind this campaign create well-designed websites that are used to lure victims. These sites display fake features and build credibility.
Fund laundering
The FBI reported the funds were already being laundered. Parts of the assets had been converted into Bitcoin by the attackers, who then dispersed them across several blockchain networks.
The agency believes that the funds will eventually be converted into fiat currency via illicit channels.
In order to counteract this, the FBI published a list with flagged addresses that were linked to hackers. It urged virtual asset service providers—including exchanges, DeFi platforms, and blockchain analytics firms—to block transactions associated with these addresses to prevent further money laundering.
The report confirms previous reports by blockchain analysis firm SpotOnChain that hackers had laundered 100,000 ETH worth approximately $250 million in less than four days.
SpotOnChain reported that the laundered money represents 20% of the 499,000 ETH stolen. According to SpotOnChain, cybercriminals were using THORChain as a cross-chain swapping platform for Bitcoin, DAI, DAIX, and other cryptocurrencies.
North Korea’s growing cyber threat
This attack shows North Korea’s increasing success at using cybercrime as a means to fund state operations. The Lazarus Group is a government-backed hacking group that has been responsible for several major digital assets heists.
The FBI has noted that Lazarus Group was responsible for previous crypto platform attacks. The group attacked Horizon Bridge in June 2022, attacked Ronin Bridge in March 2022, and has carried out other attacks as well.
Reports suggest that hackers in North Korea will steal more than $1.3 Billion in digital assets by 2024. That’s a huge increase from the $660 Million they stole in 2023.
Analysts think that the stolen funds fund the nuclear weapons programs of this country and allow it to avoid international sanctions.
Bybit and Safe confirmed to CryptoSlate the North Korean hacking collective Lazarus Group is responsible for the attack. Hackers compromised a developer machine, which allowed them to trick the owners of multisig cold wallets into signing malicious transactions. Safe stated.
“The Safe{Wallet} team has fully rebuilt, reconfigured all infrastructure, and rotated all credentials, ensuring the attack vector is fully eliminated.”
ByBit has also confirmed that most of the assets it holds with Safe have now been removed from vaults in order to prevent any future vulnerabilities.
Postings in: Crime, North Korea (North Korea), Featured, Hacks, Ethereum Author 
Oluwapelumi Adejumo
Oluwapelumi is a believer in Bitcoin’s power. He shares his insights on topics such as DeFi, Hacks, Mining and Culture, highlighting the transformative power of Bitcoin.
@hardeyjumoh LinkedIn Email Oluwapelumi Editor
Liam ‘Akiba’ Wright
Liam Wright (also known as Akiba) is the Editor-in Chief of CryptoSlate, and the host for the SlateCast. He believes that the decentralized technologies have the potential to bring positive changes in society.
@akibablade LinkedIn Email Editorial Ad 
