- Hackers infiltrated Bybit’s system, stealing $1.5 billion in Ethereum.
- FBI urges exchanges to block 100+ wallets linked to laundering.
- A major exchange refuses to freeze stolen assets, complicating recovery.
The Federal Bureau of Investigation (FBI) has intensified its probe into North Korea’s cybercriminal organization, the Lazarus Group, after the group orchestrated a major attack on cryptocurrency exchange Bybit. According to reports, hackers compromised a Safe wallet belonging to a Bybit developer, injecting malicious code into the exchange’s front-end system. This breach resulted in Ethereum (ETH) theft worth approximately $1.5 billion, marking one of the largest cryptocurrency heists to date.
North Korean cyber actors have stolen approximately $1.5 billion in Ethereum from Bybit—a cryptocurrency exchange—and are dispersing the stolen assets across addresses on multiple blockchains. The FBI recommends blocking transactions with these addresses: https://t.co/yjkrv7sQDw pic.twitter.com/l2ATBNbW3m
— FBI (@FBI) February 27, 2025
The attackers gained unauthorized access to Bybit and manipulated the transaction parameters to deceive signers into releasing funds for transfers that should not have been allowed. Investigations revealed that much of the stolen funds has been laundered through multiple wallets and decentralized platforms.
Attack Origin and Execution
Hackers deceived signers into thinking they were processing routine cold-to-warm wallet transfers, but the altered code changed ownership details during signing. As a result, the modified code redirected funds to unauthorized wallets, allowing the hackers to seize control. After securing the funds, they split the money into over 40 wallets and used THORChain for cross-chain theft. Additionally, they moved the money through unauthorized exchanges, making recovery more complex.
Cybersecurity firms Verichains and Sygnia found that the breach came from an intrusion into Safe{Wallet}’s Amazon Web Services system. According to Bybit CEO Ben Zhou, attackers accessed Safe{Wallet}’s AWS S3 bucket on February 19 at precisely 15:29:25 UTC. Because of this access, they could inject malicious JavaScript code, which altered the transaction approval process and redirected funds.
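An added example (not code from Bybit, Safe{Wallet}, or the investigators): one way to detect an after-release change to hosted JavaScript, like the one described above, is to compare what the bucket serves against digests recorded at build time. The file names and contents are constructed, and the manifest is assumed to be stored somewhere the bucket's write credentials cannot reach.

```javascript
// Added example: audit deployed front-end assets against a build-time manifest.
// All paths and file bodies below are constructed sample data.
const crypto = require("node:crypto");

// SRI-style digest ("sha384-<base64>") of an asset body.
function sriDigest(body) {
  return "sha384-" + crypto.createHash("sha384").update(body).digest("base64");
}

// Build step: record one digest per asset in the release.
function buildManifest(assets) {
  const manifest = {};
  for (const [path, body] of Object.entries(assets)) manifest[path] = sriDigest(body);
  return manifest;
}

// Monitor step: report assets that were modified, removed, or added
// relative to the manifest. An empty result means the deployment matches.
function auditDeployment(manifest, served) {
  const findings = [];
  for (const [path, expected] of Object.entries(manifest)) {
    if (!Object.hasOwn(served, path)) {
      findings.push({ path, status: "missing" });
      continue;
    }
    const actual = sriDigest(served[path]);
    if (actual !== expected) findings.push({ path, status: "modified", expected, actual });
  }
  for (const path of Object.keys(served)) {
    if (!Object.hasOwn(manifest, path)) findings.push({ path, status: "unexpected" });
  }
  return findings;
}

// Constructed release and a later snapshot of what the bucket serves.
const release = {
  "static/js/app.js": "function buildTx(to, value) { return { to, value }; }",
  "index.html": '<script src="/static/js/app.js"></script>',
};
const manifest = buildManifest(release);
const servedNow = {
  ...release,
  "static/js/app.js": release["static/js/app.js"] + "\n/* changed after release */",
  "static/js/extra.js": "/* object that was never part of the release */",
};

for (const f of auditDeployment(manifest, servedNow)) console.log(f.status, f.path);
```

The same digests can be emitted as `integrity` attributes on `<script>` tags so the browser refuses a script that no longer matches, provided the HTML that carries them is not served from the same writable location.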
Meanwhile, Bybit successfully froze $40 million of the stolen funds and announced a 10% bounty for additional asset recovery. However, hackers had already laundered about $120 million, making full recovery more challenging. Furthermore, the process faces more delays because a cryptocurrency exchange, eXch, refused to freeze funds due to a long-standing dispute with Bybit.
FBI’s Appeal to Cryptocurrency Entities
To counter these threats, the FBI urged key crypto market stakeholders to act quickly against the TraderTraitor hackers involved in money laundering. Authorities asked cryptocurrency exchanges, blockchain analytics firms, and DeFi service providers to freeze over 100 Ethereum addresses. As a preventive measure, authorities are also working to block further illicit transactions across multiple platforms.
Moreover, the bureau reaffirmed its mission to disrupt North Korea’s cybercriminal activities and minimize financial losses. Law enforcement agencies continue tracking the stolen funds and urge individuals with information to report it to local FBI offices. Alternatively, they can file complaints through the Internet Crime Complaint Center (ic3.gov) to support ongoing investigations.
Ultimately, the Bybit hack highlights the ongoing danger posed by state-backed cybercriminals targeting the cryptocurrency sector. As investigations move forward, authorities remain focused on reducing the impact of this attack and preventing future breaches within digital finance.