North Korean Hackers Behind Largest Ever Financial Theft
The largest known financial heist in history has been perpetrated by a North Korean state-backed hacker group, according to experts. The heist against Dubai-based Bybit, which claims to be the world's second-largest cryptocurrency exchange by volume, took place on February 21 and resulted in the theft of $1.5 billion. This massive cyber attack has left the financial community reeling and has prompted a series of indictments, sanctions, and warnings from the United States, South Korea, and other countries.
Lazarus Group, a well-known hacking group that has been involved in other high-profile attacks dating back over a decade, is believed to be behind the attack. Lazarus works under North Korea's Reconnaissance General Bureau and primarily targets virtual asset exchanges and financial institutions, using the stolen funds to develop missiles and as a means of raising foreign currency for the North Korean regime.
The attribution rests on various factors, including an analysis of how the stolen assets were being laundered, which points to North Korea. Elliptic, a U.K.-based cryptocurrency security research firm, has backed up this assessment, while the FBI referred to the hack as "TraderTraitor" in a public service announcement on Wednesday.
The stolen $1.5 billion is approximately $160 million more than the total amount stolen by North Korea in cryptocurrency hacks last year, according to research firm TRM Labs. The FBI has asked exchanges and other entities to block transactions from a list of blockchain addresses that TraderTraitor actors have been using to launder the stolen cryptocurrency.
Bybit has offered a financial reward to anyone who reports an attempt to launder the assets. "We are taking a stand to ensure that every transaction is visible and every hacker is held accountable," said Bybit's official statement. "Our multi-pronged offensive is a clear message: if you steal, you will be found, and justice will be swift."
Investigators can now quickly track crypto transactions, according to Andrew Fierman, head of national security intelligence at cryptocurrency analysis and security company Chainalysis. Chainalysis has so far helped freeze over $40 million of the stolen funds, while Elliptic has assisted in freezing $243,000, both firms said.
"Industry-wide improvements in compliance make it harder for bad actors to cash out," Fierman told Radio Free Asia. "What's remarkable about crypto is that the eyes of the ecosystem are on the funds as they move through the blockchain," he said. "This level of visibility wouldn't be possible in traditional financial markets."
Even so, the hackers have been able to launder more than $400 million through various digital assets, according to Ari Redbord of TRM Labs. The laundering process includes transfers through intermediary wallets, conversion into different cryptocurrencies and the use of decentralized exchanges.
The FBI public announcement on February 26, 2025, advises that North Korea was responsible for the theft of approximately $1.5 billion in virtual assets from cryptocurrency exchange Bybit. However, North Korea has never acknowledged a connection to Lazarus or any involvement in the attack.