
FBI Officially Confirms Lazarus Group was Responsible for Bybit Hack

The Federal Bureau of Investigation (FBI) has officially confirmed that the Lazarus Group was behind the Bybit hack that cost the exchange a whopping $1.46 billion.

The FBI confirmed the group's involvement in a Public Service Announcement, calling for all hands to be on deck in tackling the notorious cybercrime group.

“The Federal Bureau of Investigation (FBI) is releasing this PSA to advise that the Democratic People’s Republic of Korea (North Korea) was responsible for the theft of approximately $1.5 billion in virtual assets from cryptocurrency exchange Bybit on or about February 21, 2025. FBI refers to this specific North Korean malicious cyber activity as ‘TraderTraitor,’” the FBI noted.

The FBI stated that the TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains. The group is expected to launder the stolen funds further and convert them to fiat currency.

In the announcement, the FBI shared avenues and strategies to help recover the lost funds. The law enforcement agency urged exchanges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block all transactions linked to the wallets used by the hackers.

All Hands on Deck 

The FBI’s involvement in the Bybit case signifies a holistic approach to tackling the menace of the Lazarus Group. Its efforts are complemented by the “Lazarus Bounty Program,” launched by Bybit to facilitate an on-chain neighbourhood watch on wallets linked to the Lazarus Group.

Bybit revealed that the point of compromise in its ecosystem was the front end of Safe Wallet, its security partner. 

Investigations by Sygnia and Verichains revealed that the root cause was malicious JavaScript injected into Safe{Wallet}’s AWS S3 bucket, which hosted the wallet’s front-end interface (app.safe.global).

The hackers compromised the system by targeting the front end of Safe Wallet. Bybit’s and Safe Wallet’s core infrastructure remained untouched.

Bybit has replaced its reserves and processed over 350,000 transactions after the hack. 

The industry lauded the Dubai-based exchange for its stellar crisis management and for remaining solvent despite the huge financial loss.