FBI Takes on North Korea’s Infamous Lazarus Group in Record-Breaking $1.5 Billion Crypto Heist

The Federal Bureau of Investigation (FBI) has joined the search for North Korea’s Lazarus Group, the cybercriminal organization behind the massive Bybit hack. The attack, which resulted in the theft of Ethereum (ETH) valued at $1.5 billion, is now regarded as one of the largest crypto heists in history.

Security companies Verichains and Sygnia claim that the attack originated not within Bybit's infrastructure but in Safe{Wallet}, by way of a compromised AWS environment.

Hackers compromised a Safe wallet belonging to a Bybit developer and injected malicious JavaScript into the exchange’s front-end system. This allowed them to manipulate transaction parameters and produce forged documents that would compel signers to authorize undesired transfers.

Laundering of Stolen Ethereum Through THORChain

The laundering of the stolen funds is ongoing, with 270,000 ETH valued at approximately $605 million already moved through THORChain. Investigators found that the hackers distributed the stolen ETH across more than 40 wallets.

The funds were then processed through cross-chain bridges, mixers, and unregulated exchanges to obfuscate the trail.

Bybit was able to freeze $40 million of the stolen assets, and it offered a 10% reward for any recovered ETH. However, $120 million has been laundered, and an exchange called eXch has declined to freeze further assets for Bybit.

This move adds to eXch's past hostilities with other cryptocurrency exchanges, making the recovery process even harder.

FBI’s Call for Action Against TraderTraitor Transactions

The FBI has urged cryptocurrency exchanges, DeFi platforms, blockchain analytics firms, and RPC node operators to block transactions associated with the TraderTraitor hacking group. Over 100 Ethereum addresses linked to North Korean operatives have been identified, with some still holding stolen assets.

The FBI emphasized its commitment to safeguarding the virtual asset community by identifying, disrupting, and preventing cybercrime operations linked to North Korea.

Authorities encourage individuals with information related to the attack to report to their nearest FBI field office or file a complaint through the FBI’s Internet Crime Complaint Center at ic3.gov. The investigation remains active as law enforcement agencies intensify efforts to track and recover the stolen funds.
