Key points
- Stolen assets already converted into Bitcoin: probe
- FBI urges crypto platforms to block transactions linked to hack
- $300m stolen from Japan-based exchange DMM last year
ISLAMABAD: The US Federal Bureau of Investigation (FBI) has confirmed that North Korea’s cyber group TraderTraitor stole $1.5 billion from crypto exchange Bybit last week.
FBI sleuths claimed some of the stolen assets have already been converted into Bitcoin and spread across thousands of blockchain addresses.
The funds are expected to be laundered and cashed out.
The FBI had urged crypto platforms to block transactions linked to the hack.
In December last year, the Japanese police and the FBI said a North Korean hacking group stole cryptocurrency worth over $300 million from the Japan-based exchange DMM Bitcoin.
“TraderTraitor group”
AFP reported that the TraderTraitor group – believed to be part of Lazarus Group, which is allegedly linked to the Pyongyang authorities — carried out the heist.
Lazarus Group gained notoriety a decade ago when it was accused of hacking into Sony Pictures as revenge for “The Interview,” a film that mocked North Korean leader Kim Jong Un.
The FBI detailed “the theft of cryptocurrency worth $308 million US dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors” in a separate statement dated Monday.
Malicious line of code
It described a “targeted social engineering” operation where a hacker pretended to be a recruiter on LinkedIn to contact an employee of a different crypto wallet software company.
They sent the employee what appeared to be a pre-employment test, which actually contained a malicious line of code.
That allowed the hacker to compromise their system and impersonate the employee, the FBI said.
“In late May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 Bitcoin, worth $308 million at the time,” it said.
“The FBI, National Police Agency of Japan, and other US government and international partners will continue to expose and combat North Korea’s use of illicit activities — including cybercrime and cryptocurrency theft — to generate revenue for the regime,” it said.
Cyber-warfare
North Korea’s cyber-warfare programme dates back to at least the mid-1990s, according to AFP.
It has since grown to a 6,000-strong cyber-warfare unit known as Bureau 121 that operates from several countries, according to a 2020 US military report.
