FBI Confirms Lazarus Hackers Behind $1.5 Billion Bybit Crypto Heist
The Federal Bureau of Investigation (FBI) has confirmed that North Korean hackers, known as the Lazarus Group, were behind the massive $1.5 billion cryptocurrency heist from exchange Bybit on Friday, marking the largest recorded crypto theft to date.
The FBI released a public service announcement urging RPC node operators, exchanges, bridges, DeFi services, blockchain analytics firms, and other cryptocurrency service providers to block transactions originating from addresses used by North Korean hackers to launder the stolen assets. This move aims to prevent the thieves from easily transferring the funds to other wallets or exchanging them for fiat currency.
The attack began when the Lazarus Group intercepted a scheduled transfer of funds from one of Bybit's cold wallets into a hot wallet, redirecting the cryptocurrency to a blockchain address under their control. The hackers have since converted some of the stolen assets to Bitcoin and dispersed them across thousands of addresses on multiple blockchains.
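The FBI's request to service providers above amounts to an address-screening control, and the dispersal described in the paragraph just above is why a plain one-to-one lookup is not enough. The script below is an added example (not code from Bybit, the FBI or any analytics firm named here) of how a deposit-screening job can flag both direct transfers from a denylisted address and transfers that arrive a few hops downstream. Every address and transaction hash in it is a constructed placeholder, not one of the 51 addresses in the FBI announcement; real screening would also weight by time and amount and pull the denylist from an authoritative feed.

```python
"""Screen a batch of transfers against a denylist of flagged addresses and
propagate taint forward a bounded number of hops, so that funds bounced
through an intermediary address are still caught.

Added example. All addresses and hashes are constructed placeholders.
"""
from collections import defaultdict, deque


def normalize(addr: str) -> str:
    """Lower-case a 20-byte hex address so checksum-cased and lower-cased
    spellings of the same address compare equal; reject malformed input."""
    a = addr.strip()
    if not (a.startswith("0x") and len(a) == 42):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    int(a[2:], 16)  # raises ValueError on non-hex characters
    return a.lower()


# Constructed denylist: stand-ins for a published set of flagged addresses.
FLAGGED = {normalize(a) for a in ["0x" + "A1" * 20, "0x" + "b2" * 20]}

# Constructed transfer batch: (tx_hash, from, to, value_wei).
TXS = [
    ("0x01", "0x" + "a1" * 20, "0x" + "c3" * 20, 10),  # flagged -> intermediary
    ("0x02", "0x" + "c3" * 20, "0x" + "d4" * 20, 9),   # intermediary -> next hop
    ("0x03", "0x" + "e5" * 20, "0x" + "d4" * 20, 5),   # unrelated sender
    ("0x04", "0x" + "d4" * 20, "0x" + "f6" * 20, 1),   # two hops from flagged
]


def taint_addresses(txs, flagged, max_hops=3):
    """Breadth-first walk from every flagged address along transfer edges.
    Returns {address: hops_from_nearest_flagged_address}, 0 for the
    flagged addresses themselves. Expansion stops at max_hops."""
    out_edges = defaultdict(set)
    for _, src, dst, _ in txs:
        out_edges[normalize(src)].add(normalize(dst))

    hops = {a: 0 for a in flagged}
    queue = deque(flagged)
    while queue:
        cur = queue.popleft()
        if hops[cur] >= max_hops:
            continue
        for nxt in out_edges[cur]:
            if nxt not in hops:  # first visit is the shortest path
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops


def screen(txs, flagged, max_hops=3):
    """Return [(tx_hash, verdict, hops)] where verdict is 'block' when the
    sender is flagged or within max_hops of a flagged address, else 'allow'."""
    taint = taint_addresses(txs, flagged, max_hops)
    results = []
    for tx_hash, src, _, _ in txs:
        sender = normalize(src)
        if sender in taint:
            results.append((tx_hash, "block", taint[sender]))
        else:
            results.append((tx_hash, "allow", None))
    return results


if __name__ == "__main__":
    for row in screen(TXS, FLAGGED):
        print(row)
```

The hop limit is the knob a compliance team tunes: too low and one extra bounce through a fresh address evades the check, too high and ordinary counterparties of a flagged address get swept in. Running the batch with the default limit blocks three of the four transfers and allows the one whose sender never touched a flagged address.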
According to crypto fraud investigator ZachXBT, multiple links to the infamous North Korean threat group were discovered after the attackers sent some of the stolen Bybit funds to an Ethereum address used in previous hacks linked to Lazarus Group hackers. The findings were corroborated by blockchain analysis firm Elliptic and blockchain intelligence company TRM Labs.
Blockchain intelligence company Chainalysis revealed that this incident is part of a larger pattern, with North Korean threat actors responsible for stealing over $6 billion in crypto assets since 2017, reportedly spent on the country's ballistic missile program. The U.S. federal law enforcement agency also shared 51 Ethereum addresses linked to those who held or still hold cryptocurrency stolen from Bybit.
Blockchain analysis firm Elliptic noted that North Korean hackers have been steadily increasing their crypto thefts throughout 2024, with $1.34 billion in crypto heists reported last year alone. The recent Bybit hack now puts the total amount of stolen assets at over $1.5 billion.
How the Hack Was Conducted
The attack on Bybit began when North Korean hackers breached a Safe{Wallet} developer machine, gaining access to an account operated by Bybit. This allowed them to target the Safe Ecosystem Foundation's infrastructure, compromising it and enabling the proposal of a disguised malicious transaction.
Preliminary Findings
Two preliminary post-mortems on the incident were shared by cybersecurity company Sygnia and finance security firm Verichains, stating that the attack originated from the Safe{Wallet} developer machine. The Safe Ecosystem Foundation confirmed these findings, revealing that the Lazarus Group hackers accessed Bybit's Safe through a compromised account operated by the Safe{Wallet}
Implications
The FBI's announcement emphasizes the growing threat posed by state-sponsored hacking groups and highlights the importance of blockchain analytics and cybersecurity measures to prevent similar attacks. With this incident, crypto investors are now more aware than ever of the need for vigilance when handling cryptocurrency transactions.
Update: North Korea Confirmed as Culprit Behind $1.5 Billion Bybit Crypto Heist
The FBI's latest update emphasizes that North Korean hackers are behind the massive cryptocurrency heist from exchange Bybit, marking a significant escalation in the threat posed by state-sponsored hacking groups.