FBI Confirms Lazarus Group’s Role in $1.4B Bybit Hack

The U.S. Federal Bureau of Investigation (FBI) has issued an urgent advisory to crypto exchanges, node operators, and blockchain service providers, urging them to block transactions from addresses tied to the $1.4 billion Bybit hack. The agency confirmed that North Korea’s infamous hacking unit, commonly referred to as the Lazarus Group, orchestrated the massive theft.

In a public service announcement on Feb. 26, the FBI identified the operation under its internal codename “TraderTraitor,” a designation previously used in an April 2022 statement to describe cyberattacks linked to the North Korean state-sponsored group. The agency noted that the stolen funds are rapidly being converted into Bitcoin and other cryptocurrencies through decentralized platforms, making them harder to trace.

“It is expected these assets will be further laundered and eventually converted to fiat currency,” the FBI warned, stressing that exchanges and blockchain firms must act swiftly to prevent further laundering.

Millions Already Laundered in Bybit Hack

Blockchain investigators tracking the stolen assets have revealed that the Bybit hackers have already laundered more than 135,000 Ether since the Feb. 21 breach. Most of these funds were in liquid-staked Ether tokens, according to crypto analyst EmberCN.

Despite the rapid movement of funds, a significant portion of the loot remains untouched. Roughly 363,900 Ether, valued at around $825 million, has not been moved since the initial theft, raising concerns over when and how the hackers plan to cash out.

Crypto forensics firm Chainalysis reported that the attackers have been using a combination of decentralized exchanges, cross-chain bridges, and anonymous swap services to convert portions of the stolen Ether into Bitcoin and stablecoins like Dai (DAI). These methods allow them to sidestep Know Your Customer (KYC) regulations, complicating law enforcement efforts.

Over 11,000 Wallets Flagged as Suspicious

The FBI has shared a list of 51 Ethereum addresses suspected of being controlled by the hackers, instructing crypto service providers to block transactions from these wallets. Meanwhile, blockchain analytics firm Elliptic has flagged an even larger network of 11,084 wallets potentially tied to the Bybit exploit.

Authorities have urged anyone with relevant information to report it to the FBI’s Internet Crime Complaint Center. With the stolen funds still largely within reach, the crypto industry now faces a crucial test in its fight against cybercrime.