FBI says North Korean Lazarus hackers were behind $1.5 billion Bybit crypto hack


  • Bybit recently saw $1.5 billion stolen during a routine transfer
  • The FBI has now linked the Lazarus Group to the theft
  • The funds are currently being laundered to hamper tracing efforts

The Bybit cryptocurrency theft, which saw almost $1.5 billion in funds stolen, has now been attributed to the notorious North Korean Lazarus Group by the FBI.

The Lazarus Group is also tracked as TraderTraitor and APT38, and in a statement, the FBI said, “TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. It is expected these assets will be further laundered and eventually converted to fiat currency.”

The funds were part of a regular transfer of Ethereum cryptocurrency between Bybit’s cold and hot wallets, but were redirected in transit to a Lazarus Group-controlled blockchain address, marking the largest cryptocurrency theft in history.

Largest crypto theft in history

The FBI also listed multiple Ethereum addresses linked to the theft, and requested that platforms that handle the transfer of cryptocurrency block transactions from the listed accounts.

Bybit has also invited anyone with blockchain or cryptocurrency expertise to help track the stolen funds.

ZachXBT, a cryptocurrency theft and fraud investigator, observed the thieves transferring some of the stolen crypto to an Ethereum address previously used in several Lazarus Group operations.

Numerous other organizations in the blockchain industry have observed many transfers between North Korean-controlled addresses, made in attempts to launder the funds and slow down tracing efforts.

The Lazarus Group has made quite a name for itself with its crypto thefts, which are believed to be a revenue-generating method for the North Korean government.

North Korea does not disclose its GDP, but estimates place the country’s 2023 nominal GDP at USD$29.6 billion, meaning that the theft would account for around 5% of North Korea’s GDP in 2023.


Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
