The FBI urged immediate action to block transactions tied to North Korea’s $1.5 billion crypto heist, warning the hackers are swiftly laundering funds to evade recovery.
FBI Calls on Public to Help Stop North Korea’s $1.5B Bybit Crypto Laundering Now
This article was published more than a year ago. Some information may no longer be current.
WRITTEN BY
SHARE
FBI Urges Public and Private Sectors to Cut Off North Korea’s Stolen $1.5B in Crypto
The Federal Bureau of Investigation (FBI) has confirmed that North Korea was behind the recent $1.5 billion hack of the cryptocurrency exchange Bybit. In a public service announcement (PSA) issued on Feb. 26, the agency stated:
The Federal Bureau of Investigation (FBI) is releasing this PSA to advise the Democratic People’s Republic of Korea (North Korea) was responsible for the theft of approximately $1.5 billion USD in virtual assets from cryptocurrency exchange, Bybit, on or about February 21, 2025.
“FBI refers to this specific North Korean malicious cyber activity as ‘TraderTraitor,’” the announcement adds. The hacking group has already begun moving the stolen funds across various blockchains, raising concerns about potential laundering efforts.
Bybit recently experienced a significant security breach, resulting in the theft of approximately $1.5 billion worth of ethereum. The FBI attributed the heist to North Korea’s Lazarus Group, known for funding Pyongyang’s nuclear program through cybercrimes. Bybit’s CEO, Ben Zhou, assured users that the exchange remains solvent, with all client assets backed 1:1, and has secured emergency funding to cover the losses.
Meanwhile, authorities warn that cybercriminals are working quickly to obscure the origins of the stolen funds. The FBI explained: “TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. It is expected these assets will be further laundered and eventually converted to fiat currency.”
The agency provided a list of Ethereum addresses suspected of holding or laundering the stolen funds, emphasizing:
FBI encourages private sector entities including RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block transactions with or derived from addresses TraderTraitor actors are using to launder the stolen assets.
The FBI continues to investigate the theft and has asked anyone with relevant information to report it through its Internet Crime Complaint Center (ic3.gov) or a local field office. The agency remains focused on identifying, mitigating, and disrupting North Korea’s illicit cyber activities, which have resulted in the theft of billions in digital assets in recent years.
