The FBI has identified a North Korean cyber group as the perpetrator of what’s being called the largest theft in history – a $1.5 billion cryptocurrency heist from Dubai-based exchange, Bybit.
According to federal investigators, the attack was carried out by “TraderTraitor,” also known as the notorious Lazarus Group, a sophisticated cyber unit operated by the North Korean regime.
“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI stated Wednesday.
The hackers are moving quickly to launder the funds through complex blockchain transactions before eventually converting them to government-backed currencies.
This latest attack continues a dramatic escalation in North Korean cyber theft. Blockchain analysis firm Chainalysis reported that hackers linked to North Korea stole more than $1.3 billion in cryptocurrency across 47 incidents in 2024, nearly doubling the $660 million seized in 2023.
UN officials believe these cyber operations directly fund North Korea’s nuclear weapons program, helping the regime circumvent international sanctions.
Bybit, which serves more than 60 million users worldwide, discovered the breach when an attacker gained control of an ether wallet and transferred holdings to an unidentified address. The company has since established a bounty system to trace and freeze stolen funds.
Read also: Microsoft commits $1m to train one million Nigerians in AI skills
“We are taking a stand to ensure that every transaction is visible and every hacker is held accountable,” said Bybit CEO Ben Zhou.
North Korea’s cyber warfare capabilities have grown significantly since the mid-1990s, with the country now operating a 6,000-strong cyber unit known as Bureau 121. The Lazarus Group first gained international notoriety a decade ago after hacking Sony Pictures in retaliation for “The Interview,” a comedy film that mocked North Korean leader Kim Jong Un.
