Key takeout
- The FBI has identified North Korea as the cause of the $1.5 billion BYBIT Crypto Heist.
- Trader actors are dispersing stolen digital assets across thousands of blockchain addresses.
Please share this article
The Federal Bureau of Investigation (FBI) announced Wednesday that they had announced North Korea as an entity believed to be responsible for the $1.5 billion BYBit Crypto theft. The agency labeled the cyber activity “Tradertraitor.”
The attack, which took place on February 21, fell as the largest publicly disclosed crypto hack on record. The Lazaro Group, the notorious North Korean hacking organization, has been identified as the actor who carried out a massive cyber invasion against Bibit.
According to federal authorities, trader operators have already begun to convert stolen assets into bitcoin and other digital assets, spread across thousands of addresses on multiple blockchains. The agency expects these assets to undergo further washing before they are converted into Fiat currency.
The FBI is urging private sector entities, including RPC node node operators, exchanges, bridges, blockchain analytics companies, Defi Services, and other virtual asset service providers, to block transactions using addresses linked to trader operator actors.
The agency has released a list of 48 Ethereum addresses that hold or hold assets from theft and identifies them as being run by or closely related to North Korean merchant actors.
Bybit confirms $1.5 billion hack link to the Lazarus Group
On Wednesday, BYBit disclosed its preliminary investigation report on the attack. The report uncovered the compromised SAFE (wallet) credentials as a result, resulting in a $1.5 billion theft in Ethereum. The secure developer credentials were compromised, causing unauthorized access and malicious transactions.
The compromise occurred during a fund rotation operation via SAFE (wallet) where malicious JavaScript was injected into SAFE's AWS S3 bucket and affects the multi-sig transaction process. Although Bybit's infrastructure was not directly compromised, the attacks came from compromised, secure developer machines, affecting critical Bibit transfers. The exchange said it is actively tracking and working on collecting stolen funds, and will release the latest updates as soon as they become available.
Please share this article
