FBI Links North Korea to $1.5 Billion Crypto Heist

WASHINGTON — The Federal Bureau of Investigation announced Wednesday that North Korea is responsible for a massive cyber theft amounting to approximately $1.5 billion from the cryptocurrency exchange ByBit. This incident, described as one of the largest known cryptocurrency heists, highlights the escalating sophistication of North Korean cybercriminals.

The FBI reported that a group of hackers, referred to as “TraderTraitor,” operated swiftly, converting parts of the stolen assets into Bitcoin and other cryptocurrencies, which were then scattered across numerous blockchain addresses. The agency anticipates that these assets will eventually undergo further laundering and be exchanged for traditional fiat currencies.

In a public service announcement, the FBI emphasized the potential for these assets to fund broader state activities. “TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the statement said. The FBI did not specify how much has already been laundered.

ByBit, a Dubai-based exchange with over 60 million users globally, confirmed the theft, revealing that an attacker manipulated a routine transfer from a secure “cold” wallet of Ether, transferring it to an unknown address. Ben Zhou, ByBit co-founder and CEO, addressed the situation via social media, sharing a link offering $140 million in bounties for information leading to the recovery of the stolen assets.

The cryptocurrency market has endured considerable fluctuations following the announcement of the theft, with Bitcoin falling from a high of over $100,000 to just over $82,000. This volatility echoes concerns raised by Certik, a blockchain analytics firm, which referred to the incident as “the largest breach” in the history of blockchain transactions.

According to South Korea‘s spy agency, North Korean hackers have been involved in multiple cyberattacks targeting cryptocurrency exchanges in recent years, accumulating over $3 billion through their operations since 2017. This funding is believed to support North Korea’s nuclear weapons program amidst ongoing U.N. sanctions and economic hardships aggravated by the COVID-19 pandemic.

Nations monitoring these cyber activities highlight the strategic implications of North Korea’s heightened cyber capabilities, particularly their potential to finance weapons of mass destruction. A U.N. panel noted it is currently investigating 58 suspected cyberattacks attributed to North Korea from 2017 to 2023, indicating a pattern of digital theft aimed at bolstering the regime’s military goals.

While the North Korean government has not commented on the latest accusations, it has previously used cybercrime to generate foreign exchange. The FBI’s allegations have intensified scrutiny on North Korea’s cyber strategy, especially bearing in mind its past links to notorious hacking group Lazarus.

As investigations continue, ByBit seeks to enhance its cybersecurity measures and recover the lost assets. Zhou reiterated the exchange’s commitment to collaborating with cybersecurity experts to mitigate future risks and protect user assets.