North Korean Hackers Steal $1.4 Billion in Crypto, FBI Names Operation "TraderTraitor"

The FBI has officially attributed the recent $1.4 billion crypto theft from Bybit to North Korean hackers, labeling the operation "TraderTraitor" in a public servicePEG-- announcement. The hackers, believed to be part of the Lazarus Group, have since converted some of the stolen assets to Bitcoin and other cryptocurrencies, which are now dispersed across thousands of addresses on multiple blockchains.

The FBI's confirmation ties the attack to Kim Jong Un's regime, which is increasingly funding its weapons programs through cybercrime. Hackers managed to gain control of Bybit's Ethereum cold wallet during a routine transfer operation on February 21, perpetrating what is now considered the largest publicly disclosed crypto hack on record.

Despite the fallout, Bybit CEO Ben Zhou assured users that the exchange remains financially stable. "Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss," Zhou said.

Security firm SlowMist confirmed the attack's technical details, revealing a sophisticated compromise. "Safe dev's equipment was compromised, resulting in malicious code being injected into the front end," SlowMist researchers said. "The attack intercepted and modified transaction parameters."

By the weekend following the attack, approximately $140 million had already been laundered through accounts linked to North Korean operatives, according to data from Elliptic. Safe{Wallet}, whose infrastructure was exploited in the attack, released a statement acknowledging the breach was conducted by the notorious Lazarus Group.

Recovery efforts have shown limited success so far. Elliptic later revealed that a group of security experts have retrieved approximately $43 million of the stolen assets, with an additional $243,000 seized from associated accounts. Bybit has offered a 10% reward to security experts who help retrieve the stolen funds after it declared 'war' on the Lazarus Group.

The FBI is urging private sector entities, including exchanges and blockchain analytics firms, to block transactions with 48 Ethereum addresses identified as operated by or connected to North Korean TraderTraitor actors.