FBI accuses North Korea of $1.5 Billion Bybit crypto heist
The Federal Bureau of Investigation (FBI) has officially accused North Korea’s cybercrime group, Lazarus, of orchestrating a massive $1.5 billion heist in Ethereum from cryptocurrency exchange Bybit.
The FBI issued a public alert on February 26, 2025, urging the global community to help track and recover the stolen funds before they are laundered and converted to fiat currency.
According to the FBI, the TraderTraitor actors—North Korea’s notorious cyber unit—executed the theft on February 21 by subverting a SafeWallet transfer and redirecting Ethereum meant for Bybit’s hot wallet into their own accounts.
Laundering Stolen Funds at Rapid Speed
Advertisement
The FBI warned that the stolen Ethereum is already being laundered across multiple blockchains. “TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI stated. “It is expected these assets will be further laundered and eventually converted to fiat currency.”
The agency released a list of Ethereum wallet addresses suspected to be holding the stolen funds and urged RPC node operators, crypto exchanges, blockchain analytics firms, DeFi services, and other virtual asset providers to block transactions linked to these accounts.
Bybit Offers 10% Bounty for Recovery of Stolen Funds
The Dubai-based exchange, Bybit, has taken independent action by launching a bounty program, offering 10% of the recovered amount to anyone who can successfully trace and halt the illicit movement of its stolen assets. The exchange’s efforts come as more than $40 million in stolen tokens have been identified and frozen—but a significant portion remains unaccounted for.
Cryptocurrency exchange Chainflip has already intercepted about $1 million in stolen funds passing through its platform and has taken measures to curb further transfers. “We’re aware of the hacker’s attempts to move the Bybit hack funds to BTC via Chainflip,” the exchange revealed. “We have disabled some front-end services to stop the flow, but as a fully decentralized protocol with 150 nodes, we can’t completely shut down the protocol.”
A Growing Threat: North Korea’s Cybercrime Tactics
North Korea’s Lazarus Group has a notorious reputation for crypto-related cyber heists, with previous attacks on Axie Infinity, Horizon Bridge, and Atomic Wallet totaling over $3 billion in stolen funds. The FBI maintains that these operations help fund Pyongyang’s illicit nuclear weapons program and sustain the heavily sanctioned regime of Kim Jong Un.
Bybit’s latest heist adds to concerns about the vulnerabilities of crypto exchanges and the increasing sophistication of state-backed cybercriminals.
Urgent Call for Action
With billions at stake, the FBI is rallying global law enforcement, cybersecurity firms, and blockchain experts to take immediate action. “The FBI remains committed to protecting the virtual asset community by identifying, mitigating, and disrupting North Korea's illicit cybercrime and virtual asset theft activities,” the agency stated in its alert.
Anyone with information regarding the stolen assets is encouraged to report to the FBI’s Internet Crime Complaint Center (ic3.gov) or their local FBI field office.
As law enforcement intensifies its efforts, the Bybit hack serves as a stark reminder of the growing threats posed by state-sponsored cybercriminals, the need for stronger blockchain security, and the importance of global cooperation in securing digital assets.
