FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
The Federal Bureau of Investigation (FBI) has confirmed that the recent cyber heist at cryptocurrency exchange Bybit was carried out by a group linked to North Korea, known as TraderTraitor. The massive attack resulted in the theft of over $1.5 billion worth of Ethereum and stETH, making it the largest cryptocurrency heist in history.
Last week, Bybit suffered a sophisticated cyberattack that compromised its ETH cold wallet. The attack masked the signing interface, displaying the correct address while altering the underlying smart contract logic. As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.
Bybit's security team, leading blockchain forensic experts, and partners are investigating the security breach. The company assures users and partners that all other cold wallets remain fully secure, client funds are safe, and operations continue without disruption. Maintaining transparency and security is a top priority for Bybit, and the company will provide updates as soon as possible.
Bybit speculated that attackers likely exploited a vulnerability in the Safe.global platform's user interface but shared no technical details. The exchange has over $20 billion in assets under management and plans to use a bridge loan if needed to ensure user funds remain available.
Blockchain cybersecurity firm Elliptic was among the first research teams to attribute the cyber heist to the notorious North Korea-linked APT group Lazarus; however, Bybit has yet to confirm it. Tom Robinson, co-founder of Elliptic, said: "Almost $1.5 billion in crypto was stolen from Bybit today. That makes it by far the largest crypto heist of all time. It's also potentially the largest single theft of any kind, ever."
"*Update* It's now been confirmed that North Korea's Lazarus Group were behind this hack."
Cybersecurity firm Arkham Intelligence also attributed the attack to the Lazarus APT group.
FBI Attributes Bybit Hack to TraderTraitor
The FBI has released a Public Service Announcement (PSA) that attributes the recent Bybit hack to the North Korea-linked group TraderTraitor. According to the FBI, "TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains."
The FBI also published a list of Ethereum addresses that are holding or have held assets from the theft, and are operated by or closely connected to North Korean TraderTraitor actors. The agency advises users to be cautious when dealing with suspicious transactions and to report any potential threats to the authorities.
Conclusion
The recent Bybit hack is a stark reminder of the ongoing threat posed by North Korea-linked cyber groups. The FBI's attribution of the hack to TraderTraitor highlights the importance of international cooperation in combating cybercrime. As the cryptocurrency market continues to evolve, it is essential for exchanges and users to remain vigilant and take proactive measures to protect themselves against such attacks.