A recent FBI announcement has confirmed that a well-known North Korean APT group was responsible for orchestrating the largest cryptocurrency heist in history. The attack targeted the popular cryptocurrency exchange Bybit and was attributed to the group known as “TraderTraitor” (also known as Lazarus, APT38, BlueNoroff, and Stardust Chollima).
According to the FBI’s Public Service Announcement issued on February 26, the TraderTraitor group has been rapidly converting the stolen assets, including Bitcoin and other virtual currencies, and dispersing them across thousands of addresses on multiple blockchains. The agency warned that these assets are likely to be further laundered and eventually converted into fiat currency.
This confirmation aligns with previous reporting by Infosecurity, which referenced a report from blockchain analysis firm Elliptic. The firm attributed the Bybit theft to North Korea’s Lazarus Group based on its analysis of how the stolen cryptocurrency was laundered.
The North Korean threat actors are believed to be carrying out a two-stage money laundering operation. The first stage involves exchanging stolen tokens for a “native” blockchain asset like Ether, which cannot be frozen. The second stage involves “layering” the stolen funds to obscure the transaction trail.
Shortly after the heist, the stolen funds were sent to 50 different wallets, which were subsequently emptied. The funds are likely being routed through various channels such as decentralized exchanges, centralized exchanges, and crypto mixers to evade detection and hinder efforts to block the actors from cashing out.
The FBI has called on the crypto community to take action to prevent the North Korean group from converting the stolen assets into fiat currency. They have urged private sector entities, including RPC node operators, exchanges, blockchain analytics firms, and DeFi services, to block transactions associated with the addresses used by the TraderTraitor actors for money laundering.
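One way an exchange or DeFi service could act on that request, as an added example that is not from the FBI announcement or this article: screen deposit senders against the published address list and against wallets a few hops downstream of it, since layering passes funds through intermediate wallets. The addresses, the transfer list, and the two-hop limit are constructed assumptions, and the lowercase normalization assumes EVM-style hex addresses.

```python
from collections import deque

# Constructed placeholders, not real addresses from the FBI list.
LISTED = {"0xAA01", "0xaa02"}
# Constructed (sender, receiver) transfers observed on-chain.
TRANSFERS = [
    ("0xAA01", "0xbb01"),   # listed wallet funds a first intermediate wallet
    ("0xbb01", "0xBB02"),   # layering hop
    ("0xbb02", "0xbb03"),   # third hop, beyond the default limit
    ("0xbb02", "0xbb01"),   # funds cycled back to obscure the trail
    ("0xcc01", "0xcc02"),   # unrelated activity
]

def norm(addr):
    """EVM hex addresses compare case-insensitively (assumption: no base58 chains)."""
    return addr.strip().lower()

def tainted_addresses(listed, transfers, max_hops=2):
    """Breadth-first walk: {address: hop distance} within max_hops of a listed address."""
    graph = {}
    for sender, receiver in transfers:
        graph.setdefault(norm(sender), set()).add(norm(receiver))
    hops = {norm(a): 0 for a in listed}
    queue = deque(hops)
    while queue:
        current = queue.popleft()
        if hops[current] >= max_hops:
            continue  # hop limit keeps taint from spreading to everyone
        for nxt in graph.get(current, ()):
            if nxt not in hops:  # first visit is the shortest path; also ends cycles
                hops[nxt] = hops[current] + 1
                queue.append(nxt)
    return hops

def screen_deposit(sender, hops):
    """Block listed senders outright; route indirect exposure to manual review."""
    distance = hops.get(norm(sender))
    if distance is None:
        return "allow"
    return "block" if distance == 0 else f"review (hop {distance})"

if __name__ == "__main__":
    exposure = tainted_addresses(LISTED, TRANSFERS)
    for sender in ("0xAA01", "0xBB02", "0xbb03", "0xcc01"):
        print(sender, "->", screen_deposit(sender, exposure))
```

The hop limit is a policy choice: a higher value catches deeper layering but flags more unrelated wallets once funds pass through a shared service such as an exchange or mixer.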
In response to the heist, Bybit has offered a reward of 10% of any recovered funds to individuals who can assist in the recovery of the $1.46 billion in cryptocurrency stolen by Lazarus. The investigation into this massive cryptocurrency heist continues as authorities work to track and recover the stolen assets.