
The Bybit cryptocurrency exchange had one of its ether wallets compromised on Friday, February 21, which resulted in hackers making off with around $1.5 billion worth of crypto. According to a statement from the FBI on Wednesday, the Democratic People’s Republic of Korea (DPRK or North Korea) was responsible for the hack. The communist country's hackers used TraderTraitor applications to gain illicit access to the exchange’s system.
“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI said in its advisory. “It is expected these assets will be further laundered and eventually converted to fiat currency.”
The federal agency has listed over 50 Ethereum addresses tied to the hack in its announcement, all of which hold or have held assets related to the theft. It’s encouraging the private sector to block transactions related to these addresses, especially as the North Korean team is laundering the proceeds and trying to convert them into legal tender.
This isn’t the first massive hack that North Korea has been involved in, with state-sponsored actors targeting everything from developers to private corporations and government institutions. This same group is also suspected of a hack in 2023 that saw it steal about $600 million worth of crypto. The country first came to prominence in the hacking space when it attacked Sony Pictures in 2014 over “The Interview,” a comedy film that starred Seth Rogen and James Franco as journalists tasked by the CIA to assassinate North Korean Supreme Leader Kim Jong Un.
Despite having no free public internet in the country, the DPRK is known for its elite groups of hackers, like the Lazarus Group, which has allegedly stolen hundreds of millions of dollars across many different financial institutions. It was also credited with the WannaCry ransomware attack in 2017, which affected hundreds of thousands of devices across 150 countries. It has been said that the DPRK government has been using these techniques to make money and support its projects.
This group is often at the forefront of many cryptocurrency attacks, which require both technical and social engineering skills. North Korean hackers are certainly dangerous adversaries when it comes to cybersecurity.