FBI Identifies North Korea in Bybit Crypto Theft

The Federal Bureau of Investigation (FBI) announced Wednesday that they have identified North Korea as the entity responsible for the $1.5 billion Bybit crypto theft. The agency has labeled this cyber activity “TraderTraitor.”

The attack, which occurred on Feb. 21, is now recorded as the largest publicly disclosed crypto hack. The Lazarus Group, a notorious hacking organization from North Korea, has been implicated in this massive cyber intrusion against Bybit.

According to federal authorities, TraderTraitor actors have begun converting the stolen assets to Bitcoin and other digital currencies, dispersing them across thousands of addresses on multiple blockchains. The agency anticipates that these assets will undergo further laundering before being converted to fiat currency.

The FBI is urging private sector entities—such as RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers—to block transactions with the addresses linked to the TraderTraitor actors.

Additionally, the agency has released a list of 48 Ethereum addresses that are either holding or have held assets from the theft, identifying them as operated by or closely connected to North Korean TraderTraitor actors.