The FBI has attributed the recent attack on Dubai-based Bybit crypto exchange to North Korean hackers. The agency has called on crypto firms to help block the stolen funds. According to Bybit CEO Ben Zhou, a hacker gained control of one of the exchange’s offline Ethereum wallets, resulting in a loss of nearly $1.5 billion (roughly Rs. 13,006 crore). Following the attack earlier this month, Arkham Intelligence reported that the stolen assets are already being transferred to new addresses for liquidation.
In an announcement posted on February 26, the FBI agency said that North Korean hackers are using the ‘TraderTraitor’ activity to convert the stolen funds into other crypto tokens and distribute them across ‘thousands of wallets’. The FBI expects that the stolen assets are likely to be laundered further.
As part of the post, the FBI has released a list of 51 Ethereum wallet addresses that have been identified among those holding portions of the stolen assets. These addresses are known to be linked to North Korean TraderTraitor actors.
“FBI encourages private sector entities including RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block transactions with or derived from addresses TraderTraitor actors are using to launder the stolen assets,” the post said.
The recent Bybit attack is reportedly the biggest crypto hack so far.
As per Zhao, “The signing message was to change the smart contract logic of our ETH cold wallet. This resulted (in the) hacker taking control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address.”
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
In its internal forensic probe, the exchange found that malicious code was inserted into its system for hackers to gain access to the wallet and facilitate the attack. The exchange also said that there was no indication of compromises identified within the exchange’s internal systems.
A detailed assessment of the incident is still underway.
A Chainalysis report released in December revealed that crypto hacks led to $2.2 billion (roughly Rs. 18,710 crore) in stolen funds in 2024—a 21 percent increase from 2023.
In response, crypto firms like Tron, Tether, TRM Labs, and Chainalysis are joining forces in anti-crime alliances to assist law enforcement in tracking stolen assets and blocking suspicious transactions.
The FBI has attributed the recent attack on Dubai-based Bybit crypto exchange to North Korean hackers. The agency has called on crypto firms to help block the stolen funds. According to Bybit CEO Ben Zhou, a hacker gained control of one of the exchange’s offline Ethereum wallets, resulting in a loss of nearly $1.5 billion (roughly Rs. 13,006 crore). Following the attack earlier this month, Arkham Intelligence reported that the stolen assets are already being transferred to new addresses for liquidation.
In an announcement posted on February 26, the FBI agency said that North Korean hackers are using the ‘TraderTraitor’ activity to convert the stolen funds into other crypto tokens and distribute them across ‘thousands of wallets’. The FBI expects that the stolen assets are likely to be laundered further.
As part of the post, the FBI has released a list of 51 Ethereum wallet addresses that have been identified among those holding portions of the stolen assets. These addresses are known to be linked to North Korean TraderTraitor actors.
“FBI encourages private sector entities including RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block transactions with or derived from addresses TraderTraitor actors are using to launder the stolen assets,” the post said.
The recent Bybit attack is reportedly the biggest crypto hack so far.
As per Zhao, “The signing message was to change the smart contract logic of our ETH cold wallet. This resulted (in the) hacker taking control of the specific ETH cold wallet we signed and transferred all ETH in the cold wallet to this unidentified address.”
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
In its internal forensic probe, the exchange found that malicious code was inserted into its system for hackers to gain access to the wallet and facilitate the attack. The exchange also said that there was no indication of compromises identified within the exchange’s internal systems.
A detailed assessment of the incident is still underway.
A Chainalysis report released in December revealed that crypto hacks led to $2.2 billion (roughly Rs. 18,710 crore) in stolen funds in 2024—a 21 percent increase from 2023.
In response, crypto firms like Tron, Tether, TRM Labs, and Chainalysis are joining forces in anti-crime alliances to assist law enforcement in tracking stolen assets and blocking suspicious transactions.
