North Korean Hackers Steal $1.4 Billion in Crypto

The FBI has officially linked last week's massive $1.4 billion cryptocurrency theft from exchange Bybit to North Korean hackers. In a public servicePEG-- announcement released Wednesday, federal authorities confirmed what many in the crypto community had suspected since the February 21 attack.

The bureau has labeled the operation "TraderTraitor" and identified the notorious Lazarus Group as the actors behind the heist. This North Korean state-sponsored hacking organization has been tied to numerous other industry hacks in recent years.

The attack occurred during a routine transfer operation when hackers gained control of Bybit's Ethereum cold wallet. This incident now stands as the largest publicly disclosed cryptocurrency hack on record.

According to the FBI, the hackers are working quickly to cash in on their stolen assets. They have already converted some of the funds to Bitcoin and other cryptocurrencies, spreading them across "thousands of addresses on multiple blockchains," making them harder to track. The FBI expects the stolen funds will undergo further laundering before being converted to traditional currency.

Security firm SlowMist shared technical details about the attack on Wednesday evening. They revealed that a Safe{Wallet} developer's equipment was compromised, allowing the attackers to inject malicious code into the front end. The attack then "intercepted and modified transaction parameters" during a planned transfer.

Safe{Wallet}, whose infrastructure was exploited in the hack, released a statement acknowledging the breach. "The forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeted the Bybit Safe was achieved through a compromised machine of a Safe{Wallet} developer," the company stated.

By the weekend following the attack, approximately $140 million had already been laundered. This money moved through accounts linked to North Korean operatives, according to data from blockchain analytics firm Elliptic.

Despite the massive theft, Bybit CEO Ben Zhou has assured users that the exchange remains financially stable. "Bybit is solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss," Zhou posted on X (formerly Twitter) the day of the attack.

Recovery efforts have shown some limited success so far. Elliptic later revealed that security experts have retrieved approximately $43 million of the stolen assets. An additional $24