FBI Urges Crypto Industry to Block North Korea-Linked Bybit Hack Transactions

The U.S. Federal Bureau of Investigation (FBI) has called on crypto node operators, exchanges, and other industry players to block transactions linked to addresses used to launder funds from the $1.4 billion Bybit hack. The FBI confirmed earlier industry investigations that North Korea's Lazarus Group, also known as TraderTraitor, was responsible for the hack.

The FBI noted that the hackers have rapidly converted stolen assets into Bitcoin and other virtual assets, dispersing them across thousands of addresses on multiple blockchains. It is expected that these assets will be further laundered and eventually converted to fiat currency. The FBI has urged Remote Procedure Call node operators, exchanges, bridges, blockchain analytics firms, and decentralized finance service providers to block transactions linked to TraderTraitor.

Since the Feb. 21 incident, the Bybit hackers have laundered more than 135,000 Ether (ETH), with another 363,900 ETH remaining untouched. Crypto forensics firm Chainalysis reported that the hackers had converted portions of the stolen ETH into Bitcoin (BTC), the Dai (DAI) stablecoin, and other assets via decentralized exchanges, crosschain bridges, and instant swap services without Know Your Customer protocols.

The FBI shared 51 Ethereum addresses operated by TraderTraitor or closely connected to them, urging industry players to block or refrain from interacting with these addresses. Blockchain analytics firm Elliptic has already flagged 11,084 crypto wallet addresses suspected of being linked to the Bybit exploit. Those with important information were asked to reach out to the FBI's Internet Crime Complaint Center.