FBI officially attributes February’s record-breaking $1.5 billion Bybit cryptocurrency hack to North Korean state-sponsored hackers who used sophisticated deception techniques targeting cold storage.
By Godfrey Benjamin
Edited by Marco T. Lanz
Updated
3 mins read
The United States Federal Bureau of Investigation (FBI) has officially confirmed that hackers affiliated with the Democratic People’s Republic of Korea (North Korea) orchestrated the devastating Bybit hack on February 21, 2025. This cybersecurity breach, now recognized as the largest cryptocurrency theft in history, resulted in the theft of nearly $1.5 billion in Ethereum from the Bybit exchange.
According to the FBI’s statement, this attack, known as “TraderTraitor,” is part of a more extensive series of cyberattacks linked to North Korean state-sponsored hackers.
The stolen funds were quickly converted into Bitcoin (BTC) and other digital assets. The hackers also used advanced methods to spread the stolen funds across thousands of addresses on different blockchain networks. The FBI revealed several Ethereum addresses currently holding assets stolen in the hack. According to the FBI, these addresses are connected to or operated by the TraderTraitor actors.
The FBI has also warned that the stolen virtual assets will be converted into fiat currency. This is because the hackers typically seek to liquidate their gains into more traditional forms of currency.
Recall that blockchain analytics firm Elliptic also linked Bybit’s hack to North Korean hackers.
The analytics firm unveiled a publicly accessible data feed containing the wallet addresses linked to North Korean hackers. Meanwhile, Bybit co-founder and CEO Ben Zhou has also announced a “war” against the Lazarus Group, the state-sponsored notorious hacking group of North Korea.
The cryptocurrency exchange suffered a massive security breach, losing approximately $1.5 billion worth of Ethereum. The stolen funds were taken from a cold storage wallet, which is supposed to be one of the safest ways to store digital assets.
Blockchain investigator ZachXBT was the first to flag suspicious outflows from Bybit’s wallets. Meanwhile, on-chain data revealed a methodical scheme in which mETH and stETH tokens were converted to Ethereum via decentralized exchanges.
The attackers executed a highly sophisticated scheme by designing an interface mirroring the Safe Wallet management platform. They replicated accurate address details and verified URLs to deceive Bybit’s security team. Transactions appeared legitimate, prompting the team, even Zhou, to authorize fake transactions that altered the wallet’s smart contract logic.
Amid the turmoil, Bybit reassured its users that the breach was limited to a single cold wallet. The crypto exchange also stated that its other wallets remain secure. Intriguingly, withdrawal functions across the platform continued to operate normally.
Additionally, Bybit’s CEO reassured users of the exchange’s solvency. He stated that even if the stolen funds are not recovered, Bybit can cover the losses. True to the assurances, Bybit secured loans from other exchanges to cover the Ethereum reserve shortfall.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Benjamin Godfrey is a blockchain enthusiast and journalist who relishes writing about the real life applications of blockchain technology and innovations to drive general acceptance and worldwide integration of the emerging technology. His desire to educate people about cryptocurrencies inspires his contributions to renowned blockchain media and sites.
