TLDR
- The FBI names North Korea's Lazarus Group as the perpetrator of the $1.4 billion Bybit crypto theft and refers to the activity as “TraderTraitor”.
- On February 21, hackers infiltrated a Safe{Wallet} developer's system and inserted malicious code that acted during a routine transfer operation.
- The stolen funds have been converted into Bitcoin and distributed across countless addresses on various blockchain networks.
- Bybit's CEO Ben Zhou has reassured users that the platform remains financially secure despite the cyberattack.
- The FBI has published a list of 48 Ethereum addresses linked to North Korean cyber actors, urging crypto businesses to block transactions with them.
The FBI has officially traced last week's $1.4 billion crypto theft at Bybit back to North Korean cybercriminals. In a public announcement on Wednesday, authorities confirmed what many in the crypto sector had speculated since the attack on February 21.
The FBI refers to the activity as “TraderTraitor” and has identified North Korea's Lazarus Group, which has a notable history of similar cyber heists, as the force behind the incident.

According to the FBI's statement, the cybercriminals moved quickly to convert the stolen digital assets into Bitcoin and other cryptocurrencies.
These assets are now dispersed across “thousands of addresses on numerous blockchains,” which complicates tracing. The FBI anticipates further laundering before the assets are converted to traditional currency.
On Wednesday evening, the security firm SlowMist published technical details of the breach.
According to those details, a Safe{Wallet} developer's system was compromised. This allowed the attackers to insert malicious scripts into the user interface, which intercepted and altered transaction details during a routine transfer.
Safe{Wallet}, whose framework was compromised in the incident, acknowledged the security gap. They explained, “The forensic exploration into the targeted hack carried out by the Lazarus Group on Bybit established that the attack was executed via a Safe{Wallet} developer’s compromised device.”
According to Elliptic, a blockchain analysis firm, an estimated $140 million has already been covertly moved through channels tied to North Korean agents.
By the weekend following the attack, and despite the scale of the theft, Bybit CEO Ben Zhou had assured users that the exchange is financially robust. “We are equipped to absorb the hack loss without affecting client assets, which remain fully backed, 1 to 1,” Zhou wrote on X (previously Twitter) on the day of the incident.
Recovery efforts have had limited success so far. Elliptic later reported that approximately $43 million of the stolen funds has been recovered through security interventions.
Further, $243,000 has been seized from hacker-associated accounts. Bybit is offering security experts a 10% reward for help with retrieving the funds.
The crypto exchange has declared a “war” on the Lazarus Group as its efforts continue to recoup the pilfered digital currency. The FBI is collaborating with private sector stakeholders to trace and freeze these stolen funds.
Federal agencies have published a list of 48 Ethereum addresses operated by or affiliated with the North Korean TraderTraitor group, urging crypto exchanges and service providers to block any transactions with these addresses.
This hacking incident fits a pattern of North Korean state-backed cybercrime that targets the crypto industry. Experts assert that these attacks fund Kim Jong Un's defense projects with the stolen digital assets.
The FBI's disclosure follows Arkham Intelligence, a blockchain data platform, initially linking the cyberattack to the Lazarus Group. This connection was drawn through on-chain data that tied activities to prior attacks associated with the group.
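Screening against the published address list has to cover token transfers as well, where a listed address appears in the calldata rather than in the transaction's `to` field. The following is an added example, not code from the FBI notice, Bybit or Safe{Wallet}; the blocklist entries, the sample transaction and all function names are constructed placeholders.

```python
import re

# Constructed placeholder entries; a real deployment loads the published list.
BLOCKLIST_RAW = ["0x" + "Ab" * 20, "0x" + "cd" * 20]
ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")
# ERC-20 selectors -> positions of the 32-byte arguments that hold addresses
ERC20_ADDRESS_ARGS = {"a9059cbb": (0,),    # transfer(to, amount)
                      "23b872dd": (0, 1)}  # transferFrom(from, to, amount)

def normalize(addr):
    """Lowercase a 20-byte hex address so mixed-case (EIP-55) forms still match."""
    addr = addr.strip()
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return addr.lower()

BLOCKLIST = {normalize(a) for a in BLOCKLIST_RAW}

def calldata_addresses(data):
    """Return addresses passed to ERC-20 transfer/transferFrom in hex calldata."""
    body = data.lower()
    if body.startswith("0x"):
        body = body[2:]
    selector, args = body[:8], body[8:]
    found = []
    for i in ERC20_ADDRESS_ARGS.get(selector, ()):
        word = args[64 * i: 64 * (i + 1)]
        addr = "0x" + word[24:]  # an address is left-padded with 12 zero bytes
        if word[:24] == "0" * 24 and ADDR_RE.fullmatch(addr):
            found.append(addr)
    return found

def screen(tx):
    """Return sorted (field, address) blocklist hits for a tx dict."""
    candidates = [("from", tx["from"])]
    if tx.get("to"):  # contract-creation transactions have no "to"
        candidates.append(("to", tx["to"]))
    candidates += [("calldata", a) for a in calldata_addresses(tx.get("input", "0x"))]
    return sorted((f, normalize(a)) for f, a in candidates if normalize(a) in BLOCKLIST)

# Constructed sample: a token transfer whose recipient is on the list, while
# the transaction's "to" field is only the (unlisted) token contract.
SAMPLE_TX = {"from": "0x" + "11" * 20, "to": "0x" + "22" * 20,
             "input": "0xa9059cbb" + "00" * 12 + "cd" * 20 + f"{1000:064x}"}

if __name__ == "__main__":
    print(screen(SAMPLE_TX))
```

Other contract interfaces encode recipients differently, so this covers only plain transfers and the two ERC-20 calls shown.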
Oliver Dale, Editor-in-Chief of Blockonomi and founder of UK-rooted Kooc Media, is an advocate for open-source software, blockchain tech, and universally free internet.
His writings have earned mentions in reputable outlets like Nasdaq, Dow Jones, Investopedia, The New Yorker, Forbes, TechCrunch, and more.