BanklessTimes

FBI Confirms North Korea Behind ByBit Hack

Author: David Marsanic, News writer
February 28th, 2025
Editor: Joseph Alalade, News Lead and Editor

New revelations are still coming out of the $1.4 billion Bybit hack, the largest crypto hack in history. After investigators identified evidence indicating that North Korean hackers were involved, the FBI also weighed in. The agency has recently confirmed it believes that hacking groups linked to Pyongyang are responsible.

On Thursday, February 27th, the Federal Bureau of Investigation (FBI) issued a statement claiming North Korean hackers were responsible for the Bybit hack. The agency referenced the infamous Lazarus Group, also known as TraderTraitor, as the entity behind the hack.

The FBI explained that “TraderTraitor actors are proceeding rapidly” in converting stolen crypto and dispersing it across blockchains. They added that “it is expected these assets will be further laundered and eventually converted to fiat currency.”

The FBI urged private actors, including exchanges, node operators, and DeFi services, to block transactions from wallets connected to the hack and issued a list of addresses that should be blocked.

How North Korean Hackers Stole $1.4 Billion

According to a preliminary forensic report commissioned by Bybit, hackers infected Bybit’s systems with malicious JavaScript code. The code activated during the next cold wallet transfer, tricking the exchange into approving a 401,347 ETH transfer to the hacker’s address.

In an earlier report, the FBI revealed some techniques North Korean hackers use against crypto exchanges. The most popular ones include targeting employees of crypto projects, often by posing as recruiters. The hackers send an employee a malicious link that delivers a Trojan, compromising the employee's device.

From there, hackers can use the Trojan to access and change sensitive data belonging to the employee's employer. This includes wallet permissions, account information, and other types of data. Because the changes originate from a legitimate employee's device, some of these crypto hacks raise the suspicion of insider involvement.

The FBI also claims that North Korea uses hackers to generate revenue for its weapons program. These groups have recently shifted their focus to crypto. Due to cryptocurrency’s permissionless nature, it is very hard to block hackers from eventually converting the stolen crypto into fiat currency to fund the North Korean regime.
