Massive Crypto Heist: North Korean Hackers Steal $1.5 Billion from Bybit

North Korean Hackers Execute Record $1.5 Billion Crypto Heist on Bybit

In a stunning breach that has sent shockwaves through the cryptocurrency world, the FBI has confirmed that North Korean hackers stole approximately $1.5 billion from the cryptocurrency exchange Bybit on February 21, 2025. This incident marks the largest crypto heist ever recorded, attributed to the notorious state-sponsored hacking group known as TraderTraitor, Lazarus Group, and APT38.

According to the FBI’s Public Service Announcement, the hackers intercepted a scheduled transfer from one of Bybit’s cold wallets to a hot wallet, redirecting the funds to a blockchain address under their control. "TraderTraitor actors are proceeding rapidly," the FBI warned, noting that some of the stolen assets have already been converted to Bitcoin and dispersed across thousands of addresses.

Crypto fraud investigator ZachXBT uncovered links between the Bybit heist and previous attacks attributed to the Lazarus Group, including hacks on Phemex, BingX, and Poloniex. Blockchain analysis firms Elliptic and TRM Labs confirmed these findings, revealing substantial overlaps in the addresses used by the hackers.

The attack’s origins were traced back to a compromised developer machine associated with the multisig wallet platform Safe{Wallet}. Bybit CEO Ben Zhou shared preliminary reports indicating that the hackers exploited this vulnerability to execute a disguised malicious transaction.

In response to the breach, the FBI has urged cryptocurrency service providers to block transactions from addresses linked to the North Korean hackers. They have also released a list of 51 Ethereum addresses associated with the stolen funds.

This heist is part of a broader trend, with North Korean hackers reportedly stealing over $6 billion in crypto assets since 2017, with proceeds allegedly funding the country’s ballistic missile program. As the crypto community grapples with this unprecedented theft, the implications for security and regulatory measures in the digital asset space are profound.