FBI accuses North Korean-backed hackers of stealing $1.5 billion in crypto from Dubai-based firm

ROME (AP) — The FBI has accused North Korean-linked hackers of conducting one of the largest thefts of cryptocurrency publicly known, seizing some $1.5 billion worth of ethereum from a Dubai-based firm.

The theft earlier this month targeting Bybit, one of the world’s largest crypto exchanges, represents yet another involving a team of hackers identified by the U.S. government by the names TraderTraitor and the Lazarus Group.

The hackers steal cryptocurrency “through the dissemination of cryptocurrency trading applications that were modified to include malware that facilitates theft of cryptocurrency,” the FBI has said.

FBI issues warning linking Pyongyang to theft

In an online public service announcement late Wednesday, the FBI said it believed the North Korean-backed hackers were “responsible for the theft.”

“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI said in its announcement. “It is expected these assets will be further laundered and eventually converted to fiat currency.”

North Korean state media has not acknowledged either the theft or the FBI accusation. Pyongyang’s mission to the United Nations in Geneva did not immediately respond to a request for comment from The Associated Press.

North Korean thefts reportedly fund nuclear weapons program

However, North Korea has stolen an estimated $1.2 billion in cryptocurrency and other virtual assets in the past five years, according to South Korea’s spy agency. It represents a rare source of badly needed foreign currency to support its fragile economy and fund its nuclear program in the face of intense U.N. sanctions and North Korea’s strict border closures during the coronavirus pandemic.

A U.N. experts panel separately said it was investigating 58 suspected cyberattacks by North Korea between 2017 to 2023 that saw some $3 billion stolen to “reportedly help to fund the country’s development of weapons of mass destruction.”

Bybit co-founder and CEO, Ben Zhou, acknowledged the FBI’s announcement in a post on the social platform X by linking to a website offering $140 million in bounties for tracking the stolen crypto and getting it frozen by other exchanges.

Bybit has said a routine transfer of ethereum, one of the most popular cryptocurrencies, from a so-called “cold” or offline wallet was “manipulated” by an attacker who transferred the crypto to an unidentified address.

“It was a highly sophisticated hack that targeted cold wallets via a blind signing type of exploit, whereby the attackers create a fake interface that deceives users, since it is a near identical copy of the trusted platform,” wrote Manuel Villegas, an analyst at Julius Baer.

The blockchain analytics firm Certik has described the theft as “the largest breach” in the history of blockchain transactions.

The theft has seen overall crypto prices drop in recent days as investors in part have been spooked by the hack despite the industry getting a boost from the election of U.S. President Donald Trump. Industry leader Bitcoin traded over $82,000 a coin on Thursday, down from high of over $100,000 a month ago.

“The situation ... is certainly painful for ByBit’s customers and will likely raise additional regulatory scrutiny,” Villegas added.