The Federal Bureau of Investigation (FBI) has officially stepped in to track down North Korea’s Lazarus Group, the cybercriminal organization responsible for the massive Bybit hack. The attack, which led to the theft of $1.5 billion worth of Ethereum (ETH), is now being classified as one of the largest crypto heists in history.
How the Hack Happened
Cybersecurity firms Verichains and Sygnia have determined that the breach did not originate from Bybit’s internal infrastructure. Instead, the attackers compromised a Safe{Wallet} through a vulnerable AWS environment, allowing them to exploit the system.
Hackers infiltrated a Safe wallet belonging to a Bybit developer and inserted malicious JavaScript into the exchange’s front-end system. This tactic enabled them to manipulate transaction parameters and forge documents, deceiving signers into approving unauthorized transactions.
Hackers Move Stolen Ethereum Through THORChain
The laundering process is already in motion, with 270,000 ETH (worth approximately $605 million) routed through THORChain. Investigators report that the stolen funds were split across 40+ wallets before being moved through cross-chain bridges, privacy mixers, and unregulated exchanges to obscure their origin.
Bybit has successfully frozen $40 million of the stolen assets and has offered a 10% bounty to anyone who helps recover lost funds. However, $120 million has already been laundered, and a controversial exchange, eXch, has refused to freeze additional assets, making the recovery process more difficult.
FBI Calls for Action Against TraderTraitor Transactions
The FBI has called on crypto exchanges, DeFi platforms, blockchain analytics firms, and RPC node operators to block transactions linked to the TraderTraitor hacking group. Authorities have identified over 100 Ethereum addresses associated with North Korean operatives, with some still holding stolen funds.
The agency reaffirmed its commitment to protecting the crypto industry, stating that it is actively working to identify, disrupt, and prevent further cyberattacks from North Korean-backed groups.
Officials urge anyone with information about the Bybit attack to report it to their nearest FBI field office or submit details via the Internet Crime Complaint Center (IC3) at ic3.gov. The investigation is ongoing, with authorities ramping up efforts to track and recover the stolen funds.