The Federal Bureau of Investigation (FBI) has attributed the recent $1.5 billion cryptocurrency theft from Bybit to the North Korean Lazarus Group, also known as TraderTraitor and APT38. Reports indicate the stolen funds, taken during a routine transfer, are currently being laundered to hinder tracking efforts.
The theft, which constitutes one of the largest cryptocurrency heists in history, involved the redirection of Ethereum funds from Bybit’s cold and hot wallets. According to an FBI statement, “TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. It is expected these assets will be further laundered and eventually converted to fiat currency.”
The FBI has released multiple Ethereum addresses associated with the theft and is urging cryptocurrency platforms to block transactions from these flagged accounts. Bybit has also appealed to blockchain and cryptocurrency experts for assistance in tracing the stolen funds.
Independent cryptocurrency theft and fraud investigator ZachXBT noted that the thieves transferred a portion of the stolen crypto to an Ethereum address previously linked to Lazarus Group operations. Furthermore, several organizations in the blockchain industry have observed numerous transfers between North Korean-controlled addresses, likely an attempt to launder the funds and complicate tracing.
The Lazarus Group has become notorious for its cryptocurrency thefts, which are believed to be coordinated by the North Korean government to generate revenue. Estimates put North Korea’s 2023 nominal GDP at approximately $29.6 billion, making the stolen $1.5 billion roughly 5% of the country’s GDP.