FBI Says North Korea Stole $US1.5 Billion in Cryptocurrency
The FBI has confirmed that North Korean hackers are behind the largest-ever cryptocurrency heist, worth an astonishing $US1.5 billion ($2.4 billion). The theft, which took place on February 19, saw malicious code planted in a digital wallet belonging to a Dubai-based crypto exchange called Bybit. The hackers, affiliated with the Lazarus Group, managed to drain almost nine per cent of Bybit's total assets, prompting a run on the platform as hundreds of thousands of customers sought to withdraw funds.
The attack highlights the vulnerability of cryptocurrency exchanges and the ease with which cybercriminals can exploit them. According to experts, the use of "social engineering" tactics, where victims are tricked into downloading apps that allow hackers to secretly gain access to their computers and networks, is a common method used by North Korean hackers.
"We've never seen anything on this scale before," said Nick Carlsen, a former FBI intelligence analyst with expertise in North Korea. "The ability of these illicit financial networks to absorb such huge amounts of money so quickly is deeply concerning." The FBI has previously identified North Korean cyber actors as an "advanced persistent threat" since at least 2020.
The heist also raises concerns about the safety and security of cryptocurrency, which was once touted as a cyber-safe haven. However, experts warn that this is no longer the case, and that digital transactions are now vulnerable to exploitation by sophisticated hackers.
"If such a hack can occur at this scale in the world's second-largest exchange, it can certainly happen again," said Louise Abbott, a UK-based crypto fraud lawyer. "This attack highlights the need for greater regulation and oversight of cryptocurrency exchanges to prevent similar incidents in the future."
Bybit chief executive Ben Zhou has promised to take action against the hackers, saying that the company will wear the losses out of its own pocket on behalf of its over 60 million customers.
The company has released interim investigation reports from cybersecurity firms Sygnia and Verichains, which suggest that the cause of the attack was malicious code planted in a Bybit "cold wallet" two days before the theft. The storage was provided by another company, SafeWallet, and no indication of compromise was identified within Bybit's infrastructure.
Bybit has also set up a website where customers can report any suspicious activity related to the heist, offering a bounty of five per cent for anyone who can help trace the stolen money through public digital "wallets."
The news of the heist has sent shockwaves throughout the cryptocurrency community, with many experts predicting that it will undermine public trust in cryptocurrency. However, others see this as an opportunity to improve security measures and regulations, ensuring that such incidents do not happen again.