Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers

February 27, 2025Red LakshmananCybercrime / cryptocurrency

The U.S. Federal Bureau of Investigation (FBI) has formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a “war against Lazarus.”

The agency said the Democratic People’s Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster it tracks as TraderTraitor, which is also tracked as Jade Sleet, Slow Pisces, and UNC4899.

“TraderTraitor actors are proceeding and have converted some of the stolen assets into Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI said. “It is expected that these assets will be laundered and eventually converted into fiat currency.”

It is worth noting that the TraderTraitor cluster was previously implicated by Japanese and U.S. authorities in the theft of cryptocurrency worth $308 million from the cryptocurrency company DMM Bitcoin in May 2024.

The threat actor is known for targeting the Web3 sector, often tricking victims into downloading cryptocurrency apps laced with malware to facilitate theft. Alternatively, it has also been found to orchestrate social engineering campaigns that lead to the deployment of malicious npm packages.

Bybit, in the meantime, has launched a bounty program to help recover the stolen funds, while calling out a refusal to cooperate with the probe and help freeze the assets.

“The stolen funds have been transferred to untraceable or freezable destinations, such as exchanges, mixers, or bridges, or converted into stablecoins that can be frozen,” the statement reads. “We require cooperation from all involved parties to either freeze the funds or provide updates on their movement so that we can continue tracing.”

The Dubai-based company has also shared the conclusions of two investigations conducted by Sygnia and Verichains, linking the hack to the Lazarus Group.

“The forensic investigation of the three signers’ hosts suggests that the root cause of the attack is malicious code originating from Safe{Wallet}’s infrastructure,” Sygnia said.

Verichains noted that “a benign JavaScript file of app.safe.global appears to have been replaced with malicious code on February 19, 2025, at 15:29 UTC, specifically targeting the Ethereum multisig cold wallet of Bybit,” and that ” February, 2025, at 14:13.

It is suspected that the AWS S3 or CloudFront account/API of Safe.global was likely leaked or compromised, paving the way for a supply chain attack.
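An added example, not from the article or from Safe: a Node.js check that a team serving front-end JavaScript from object storage could run to catch the kind of post-deploy file replacement described above, by comparing each served file's SHA-384 digest against a manifest recorded at build time. The file names, contents and manifest are constructed for illustration.

```javascript
// Added example: detect drift between a build-time manifest and served assets.
// All file names and contents below are constructed for illustration.
const crypto = require("crypto");

// SRI-style digest ("sha384-<base64>") of a file body.
function sriDigest(body) {
  return "sha384-" + crypto.createHash("sha384").update(body).digest("base64");
}

// Record digests at build time. Keep the manifest outside the bucket that
// serves the files, so one leaked credential cannot rewrite both.
function buildManifest(files) {
  const manifest = {};
  for (const [name, body] of Object.entries(files)) manifest[name] = sriDigest(body);
  return manifest;
}

// Compare what is currently served against the manifest.
function auditServed(manifest, served) {
  const findings = [];
  for (const [name, expected] of Object.entries(manifest)) {
    if (!Object.hasOwn(served, name)) findings.push({ name, status: "missing" });
    else if (sriDigest(served[name]) !== expected) findings.push({ name, status: "modified" });
  }
  for (const name of Object.keys(served)) {
    if (!Object.hasOwn(manifest, name)) findings.push({ name, status: "unexpected" });
  }
  return findings;
}

// Constructed release and a constructed "served" snapshot taken later.
const release = {
  "_app-1a2b.js": "export const submit = (tx) => sign(tx);",
  "vendor-3c4d.js": "export const fmt = (n) => n.toString();",
};
const manifest = buildManifest(release);

const servedNow = {
  "_app-1a2b.js": "export const submit = (tx) => sign(rewrite(tx));", // changed after deploy
  "vendor-3c4d.js": release["vendor-3c4d.js"],
  "extra.js": "/* not part of the release */",
};

console.log(auditServed(manifest, servedNow));
```

Run on a schedule from a host that has no write access to the bucket, the same comparison turns a silent replacement into an alert within one polling interval.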

In a separate statement, the multisig wallet platform Safe{Wallet} said the attack was carried out by compromising a Safe{Wallet} developer machine, which affected the Bybit account. The company further noted that it had implemented additional security measures to mitigate the attack vector.

The attack “was achieved through a compromised machine of a Safe{Wallet} developer, resulting in the proposal of a disguised malicious transaction,” it said. “Lazarus is a state-sponsored North Korean hacker group that is well known for sophisticated social engineering attacks on developer credentials, sometimes combined with zero-days.”

It is currently unclear how the developer's system was breached, although a new analysis from Silent Push revealed that the Lazarus Group registered a domain assessment (.) COM at 22:21:57 2025, a few hours before the cryptocurrency theft.

WHOIS records show that the domain was registered using the email address “Trevorgreer9312@gmail (.) com,” which was previously identified as a persona used by Lazarus in connection with another campaign dubbed Contagious Interview.

“Seems to,” bybit hest Increased interviewAlso known as the famous Chollima “company – Note.

“Victims are typically approached via LinkedIn, where they are socially engineered into participating in fake interviews. These interviews serve as an entry point for targeted malware deployment, data harvesting, and further compromise of financial and corporate assets.”

North Korea-linked actors are estimated to have stolen more than $6 billion since 2017. The $1.5 billion stolen last week exceeds the $1.34 billion that the actors stole from 47 heists in all of 2024.
