FBI Hunts North Korea's Lazarus Group After $1.5B Bybit Hack

The FBI has joined the global effort to track down North Korea's Lazarus Group, a notorious cybercriminal organization responsible for the recent $1.5 billion Bybit hack. The hack, one of the largest crypto heists to date, involved the theft of ETH from the exchange.

The FBI's involvement comes as the laundering effort intensifies, with over 100 Ethereum addresses linked to the Lazarus Group being monitored. Bybit has already frozen $40 million of the stolen funds, but the total amount laundered is estimated to be around $605 million, with some of the funds passing through THORChain.

The breach originated from Safe{Wallet}'s AWS infrastructure, with attackers injecting malicious JavaScript into the exchange's front end. This allowed them to manipulate transaction parameters and deceive signers into approving unauthorized transfers. The stolen ETH was then distributed across multiple wallets and moved through cross-chain bridges, mixers, and unregulated exchanges.

The FBI is urging private sector entities, including RPCRES-- node operators, cryptocurrency exchanges, blockchain analytics firms, DeFi servicesDEFI--, and other virtual asset service providers, to block transactions linked to addresses associated with the Lazarus Group. Over 100 Ethereum addresses have been linked to the group, with some still holding stolen assets.

The FBI's commitment to protecting the virtual asset community is evident in its efforts to identify, disrupt, and prevent North Korea's cybercrime operations. Individuals with relevant information are encouraged to contact their local FBI field office or file a report with the FBI's Internet Crime Complaint Center at ic3.gov.