The FBI has raised the alarm after confirming that a major cyberattack on cryptocurrency exchange Bybit was orchestrated by North Korean hackers.
The theft, which saw approximately $1.5 billion in digital assets stolen, has prompted a request for action from the global crypto community, urging exchanges, blockchain analytics firms, and other industry players to block any transactions linked to the stolen funds.
Source: FBI
In a public service announcement, the FBI confirmed what had been speculated in the industry.
The hack was the work of North Korea’s state-sponsored hacking group, known variously as TraderTraitor, Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.
This group has long been a threat to the crypto ecosystem, carrying out high-profile heists and laundering stolen funds to fund North Korea’s missile programmes.
Bybit confirmed that the hack took place on 21 February 2025, when hackers intercepted a scheduled fund transfer from one of the exchange's cold wallets to a hot wallet.
The stolen cryptocurrency was then redirected to a blockchain address controlled by the hackers.
In response to the breach, the FBI is urging crypto node operators, exchanges, bridges, DeFi services, and blockchain analytics companies to block any transactions linked to the stolen funds.
The agency highlighted that the stolen assets are rapidly being laundered and dispersed across multiple addresses on different blockchains, complicating tracking efforts.
The FBI also shared a list of 51 Ethereum addresses connected to the hackers.
Source: FBI
The authorities warned that these assets could eventually be converted into fiat currency, making it even harder to trace the stolen funds.
The FBI further advised the private sector to take immediate action to help prevent further financial crime.
Since the theft, the hackers have reportedly laundered over 135,000 Ether (ETH), with the funds being dispersed across a variety of wallets and exchanges.
Blockchain forensics firms such as Chainalysis and Elliptic have tracked the movements, revealing that the stolen Ether has been converted into Bitcoin, stablecoins like Dai, and other assets through decentralised exchanges, cross-chain bridges, and services that lack Know Your Customer (KYC) protocols.
ZachXBT, a well-known crypto fraud investigator, identified that some of the funds were routed through Ethereum addresses previously linked to other high-profile hacks attributed to the Lazarus Group.
These findings were later confirmed by Elliptic and TRM Labs, both of which pointed to substantial overlaps between the addresses involved in the Bybit hack and previous North Korean thefts.
In an effort to prevent further laundering of the stolen assets, the FBI has made a public service announcement.
The Bureau urged industry players to block transactions originating from the addresses tied to the North Korean hackers, saying,
“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains.”
The FBI’s warning underscores the seriousness of the situation, highlighting that these funds are likely to continue being laundered and eventually converted into fiat currency, a process that could fuel further criminal activities.
The hack targeted Bybit’s Safe{Wallet} platform, with the attackers gaining access through a compromised developer machine.
The hack was first investigated by cybersecurity firms Sygnia and Verichains, who revealed that a disguised malicious transaction proposal was made after infiltrating the Safe{Wallet} infrastructure.
This breach is part of a broader pattern of North Korean-backed cyberattacks on the cryptocurrency sector.
According to Chainalysis, North Korean hackers stole over $1.3 billion in crypto during 2024 alone, and Elliptic reported that the Lazarus Group has stolen more than $6 billion in total since 2017.
The stolen funds are widely believed to be funnelled towards North Korea’s ballistic missile development programs.
Vitalik Buterin recently sold several meme tokens and minted DAI, accumulating 71.69 ETH. His sale of DHN tokens caused a 57% drop in their value, sparking discussions about his market strategy.
WeatherlySpanish authorities dismantled a major crypto pyramid scam that defrauded over 3,600 victims out of an estimated 32.6 million euros through a fake online investment platform. Eight suspects were arrested, and the scam affected victims in 36 countries, leading to asset seizures and frozen bank accounts.
JoyIn his X post, Calacanis told his 981,600 followers that Bitcoin has enjoyed a wonderful streak, but he predicts that there could be something even bigger than Bitcoin that would replace Bitcoin, resulting in a 'restart in the game.'
XingChiNorth Korea's Lazarus Group has become one of the largest Bitcoin holders, controlling 13,562 BTC, after stealing $1.46 billion in a crypto heist. This makes North Korea one of the top government holders of Bitcoin, raising concerns about their intentions and role in global cybercrime.
AnaisThe Bank of Korea rejected the idea of holding Bitcoin in its foreign exchange reserves due to concerns about volatility and liquidity. Despite growing political interest in Bitcoin reserves, the central bank remains cautious and aligns with global trends of skepticism.
AnaisJames Howells' request to search a landfill for a hard drive containing 8,000 Bitcoin was rejected by the UK Court of Appeal, marking a setback in his legal battle. He plans to appeal to the European Court of Human Rights, but the landfill is set to close soon, making the search more difficult.
WeatherlyAmerican streamer Amouranth survived a violent home invasion in Houston, where armed intruders assaulted her and demanded her cryptocurrency keys. Four suspects, including two teenagers, were arrested, and the case highlights the rising danger of criminals targeting people with significant digital assets.
JoyGemini set a Guinness World Record by using 1,000 drones to form the Bitcoin logo in the sky over Austin, Texas. The event celebrated Bitcoin's role in the US Strategic Bitcoin Reserve initiative and showcased the growing influence of cryptocurrency.
AnaisRussia is increasingly using cryptocurrencies like Bitcoin and Tether to conduct oil trade with China and India, bypassing Western sanctions. The use of intermediaries and offshore accounts has made crypto a key tool in these transactions, speeding up operations despite financial restrictions.
WeatherlyThe White House is planning to acquire large amounts of Bitcoin for a strategic reserve, with support for the Bitcoin Act that proposes purchasing up to $80 billion worth of Bitcoin. The government aims to do this in a budget-neutral way, possibly using gold certificates, though the feasibility remains unclear.
WeatherlyThe French developer behind the Mutant Ape Planet NFT collection faces a prison sentence of up to five years subsequent to entering a guilty plea on charges related to wire fraud.
KikyoSC Ventures, part of Standard Chartered's innovation and fintech investment division, is changing the game with Libeara, a platform designed to bring investment opportunities within reach for everyone.
JoyGoogle sues anonymous scammers for fraudulent Bard AI chatbot ads, seeking damages amid rising AI service popularity.
Hui XinAs the FDIC prepares to testify before the Senate, a question lingers in the minds of industry leaders: Who stands to gain from the unfolding controversy?
CatherineEthereum co-founder Vitalik Buterin advocates revisiting Plasma, an Ethereum layer 2 scaling solution.
AaronIn a recent update, the Monetary Authority of Singapore (MAS) unveiled its collaboration with the financial industry to propel asset tokenisation initiatives and build foundational capabilities for scaling tokenised markets
AaronSouth Korea enforces a mandatory disclosure of cryptocurrency holdings for politicians, promoting transparency in the financial portfolios of public figures.
Hui XinDecentraland's 2023 Music Festival (Nov 16-18) promises a digital spectacle. Curated by sixteen virtual teams, it offers 80+ interactive performances in a three-day immersive experience.
JixuFriend.tech faces a phishing surge as attackers pose as journalists, targeting Key Opinion Leaders to compromise user credentials and risk fund theft. SlowMist warns of a cunning strategy, urging heightened awareness and security measures to combat the threat.
JixuOKX and Polygon Labs launch the X1 zkEVM Testnet, a transformative layer-2 solution for Ethereum, set to enhance transaction speeds and reduce costs. The collaboration anticipates a Q1 2024 mainnet release, marking a significant milestone for Ethereum's evolution and fostering growth within Polygon's ecosystem.
Jixu