FBI: NK Hackers Swiped $1.5B Crypto from Dubai Firm

ROME — In a striking cyber incident, hackers suspected to be associated with North Korea have orchestrated a major heist of cryptocurrency, capturing approximately $1.5 billion in ethereum from a Dubai-based cryptocurrency exchange. This attack took place earlier this month and targeted Bybit, one of the most prominent platforms in the crypto trading world.

These sophisticated hackers, identified by U.S. authorities under the names TraderTraitor and the Lazarus Group, employ deceptive cryptocurrency trading applications embedded with malware, which allows them to siphon off digital assets. The FBI has outlined this modus operandi in their detailed warnings.

On Wednesday, in a public online statement, the FBI outlined how they believe these North Korean-backed cybercriminals orchestrated the theft. The FBI said that once the cryptocurrency was stolen, the actors moved quickly, converting a portion of these assets into Bitcoin and scattering them across various blockchain addresses.

So far, North Korean state media has remained silent on the allegations, and the mission for Pyongyang at the U.N. in Geneva has not provided any comments on the matter. Nevertheless, recent reports suggest that North Korea has successfully amassed an estimated $1.2 billion in cryptocurrency during the previous five years, utilizing it as a crucial source of foreign currency to support its sanctioned-crippled economy and its defense initiatives.

Moreover, a U.N. experts’ panel has been investigating North Korea’s involvement in 58 suspected cyberattacks from 2017 through 2023, which reportedly contributed some $3 billion toward the nation’s pursuit of weaponry.

Ben Zhou, Bybit’s co-founder and CEO, acknowledged the situation through social media by pointing to a bounty program offering $140 million for efforts to track down and freeze the illicitly obtained cryptocurrency. Bybit confirmed that the breach involved the manipulation of a routine transfer from an offline, or “cold,” wallet.

Experts within the cybersecurity field suggest that the hack utilized a blind signing exploit, where an imitation interface misled users into thinking they were operating on a legitimate platform. Manuel Villegas, an analyst, emphasized how advanced the attack was, leveraging near-identical copies of the legitimate service.

The incident is considered “the largest breach” ever recorded in blockchain history, according to blockchain analysis firm Certik. It has also sparked unrest in the crypto markets, influencing a decrease in cryptocurrency valuations. This market instability has persisted despite the windfall of U.S. political events. For instance, Bitcoin, the foremost cryptocurrency, was valued at over $82,000 per coin on Thursday, representing a steep decline from its former height above $100,000.

Villegas commented on the situation, noting its severe impact on Bybit’s clientele and anticipating enhanced regulatory inspection as a consequence of the breach.