The Federal Bureau of Investigation (FBI) has officially attributed last week's massive $1.5 billion cryptocurrency theft from Dubai-based exchange Bybit to North Korean hacking group known as TraderTraitor, also called the Lazarus Group.
In a public service announcement released Wednesday, the FBI revealed that the hackers are rapidly converting the stolen assets into Bitcoin and other cryptocurrencies, spreading them across multiple blockchain addresses in an apparent attempt to launder the funds.
According to crypto analytics firm EmberCN, the attackers have already laundered over 135,000 Ether (ETH) since February 21st, while approximately 363,900 ETH (worth around $825 million) remains unmoved from the initial hack.
The FBI has identified 51 Ethereum addresses controlled by or linked to TraderTraitor and is urging cryptocurrency industry players to block any transactions involving these addresses. Blockchain intelligence company Elliptic has expanded this list, flagging over 11,000 wallet addresses potentially connected to the Bybit exploit.
"The hackers are using decentralized exchanges, cross-chain bridges, and instant swap services that don't require identity verification, making fund recovery increasingly challenging," said a spokesperson from Chainalysis, a crypto forensics firm tracking the incident.
The FBI has called for immediate action from cryptocurrency node operators, exchanges, and other industry participants to help recover the stolen funds. The bureau is asking organizations to:
- Block transactions linked to identified TraderTraitor addresses
- Report suspicious activities to the FBI's Internet Crime Complaint Center
- Deploy blockchain analytics tools to track and flag compromised wallets
Bybit representatives stated that the attack occurred during a routine transfer of ethereum from a cold storage wallet, which was "manipulated" by the attacker who redirected the funds to an unknown address.
The incident marks the largest cryptocurrency heist to date and highlights ongoing security challenges in the digital asset sector. North Korean state media has not commented on the FBI's allegations.