The U.S. Federal Bureau of Investigation (FBI) has officially attributed the massive $1.4 billion crypto hack on Bybit to North Korean hackers, specifically the Lazarus Group—an entity infamously associated with large-scale cyber heists.

In a public service announcement issued on February 26, the FBI urged crypto exchanges, node operators, and blockchain service providers to take immediate action in blocking transactions linked to the stolen funds.

Lazarus Group and the “TraderTraitor” Operation

The FBI’s investigation confirmed earlier industry findings that the attack was conducted under an operation known as "TraderTraitor." This label has been used to describe various North Korean-linked hacking groups, including APT38, BlueNoroff, and Stardust Chollima.

According to forensic reports, the hackers gained control of Bybit’s Ethereum cold wallet during a routine transfer on February 21. Shortly after, more than 135,000 ETH was laundered, while another 363,900 ETH—valued at approximately $825 million—remains untouched. Blockchain analysis firm Chainalysis revealed that portions of the stolen assets were converted into Bitcoin, Dai, and other cryptocurrencies through decentralized exchanges and cross-chain bridges to bypass Know Your Customer (KYC) regulations.

Security firm SlowMist detailed that the breach stemmed from a compromise in Safe{Wallet}, a wallet infrastructure used by Bybit. Hackers reportedly infiltrated a developer’s machine, injecting malicious code into the platform’s front end and intercepting transaction parameters.

Bybit CEO Ben Zhou quickly addressed concerns about the exchange’s financial health, assuring users that all client assets remain 1:1 backed despite the attack. Additionally, Bybit has declared "war" on the Lazarus Group, offering a 10% bounty on recovered funds.

FBI’s Call to Action: Blocking Transactions

In an attempt to halt further laundering of the stolen funds, the FBI released a list of 51 Ethereum addresses tied to the hack, urging exchanges, node operators, blockchain analytics firms, and DeFi service providers to block interactions with these addresses.

Blockchain analytics firm Elliptic has gone further, flagging over 11,000 wallet addresses suspected to be linked to the Bybit exploit.
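Address screening of the kind the FBI is asking for, as an added example that is not code from the FBI, Bybit, or any firm named in this article: it checks a transaction's sender, recipient, and the address arguments of ERC-20 `transfer`/`transferFrom` calls, where the recipient sits in calldata rather than in `to`. All addresses are constructed placeholders, and the transaction dictionaries with `from`/`to`/`input` keys are an assumed shape; transfers made through other contract calls need trace-level analysis that this sketch does not cover.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")
# ERC-20 selectors -> number of leading address arguments
SELECTORS = {"a9059cbb": 1,   # transfer(address,uint256)
             "23b872dd": 2}   # transferFrom(address,address,uint256)

def norm(addr):
    """Lower-case a 20-byte hex address; reject malformed input rather than pass it."""
    if not isinstance(addr, str) or not ADDR_RE.match(addr):
        raise ValueError(f"malformed address: {addr!r}")
    return addr.lower()

def load_blocklist(lines):
    """One address per line; blank lines and '#' comments are ignored."""
    entries = (line.split("#", 1)[0].strip() for line in lines)
    return {norm(e) for e in entries if e}

def calldata_addresses(data):
    """Addresses passed to ERC-20 transfer/transferFrom calls."""
    data = data[2:] if data.startswith("0x") else data
    count = SELECTORS.get(data[:8].lower(), 0)
    words = [data[8 + 64 * i: 8 + 64 * (i + 1)] for i in range(count)]
    # An ABI-encoded address is 12 zero bytes followed by the 20 address bytes.
    return ["0x" + w[24:].lower() for w in words
            if len(w) == 64 and w[:24] == "0" * 24]

def screen(tx, blocklist):
    """Return the blocklisted addresses a transaction touches (sorted)."""
    seen = {norm(tx["from"])}
    if tx.get("to"):                      # contract creation has no `to`
        seen.add(norm(tx["to"]))
    seen.update(calldata_addresses(tx.get("input") or "0x"))
    return sorted(seen & blocklist)

# Constructed placeholders, NOT addresses from the FBI list.
LISTED = "0x" + "ab" * 20
TOKEN = "0x" + "cd" * 20      # hypothetical token contract
USER = "0x" + "12" * 20
BLOCKLIST = load_blocklist(["# sample list", "0x" + "AB" * 20 + "  # mixed case", ""])

DIRECT = {"from": USER, "to": "0x" + "Ab" * 20, "input": "0x"}
TOKEN_TX = {"from": USER, "to": TOKEN,
            "input": "0xa9059cbb" + "0" * 24 + "ab" * 20 + f"{10**18:064x}"}
CLEAN = {"from": USER, "to": TOKEN, "input": "0x"}

if __name__ == "__main__":
    for name, tx in [("direct", DIRECT), ("token", TOKEN_TX), ("clean", CLEAN)]:
        print(name, screen(tx, BLOCKLIST) or "no match")
```

A check on `to` alone would pass the token transfer, since its `to` field is the token contract and the listed recipient appears only in the calldata.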

While the hackers have already laundered significant portions of the stolen funds, some recovery efforts have seen minor success. Security experts have retrieved approximately $43 million, while authorities have seized an additional $243,000 from linked accounts. However, the majority of the assets remain out of reach.

The FBI continues to investigate and urges anyone with relevant information to report through its Internet Crime Complaint Center.
