The Federal Bureau of Investigation (FBI) has officially attributed the recent $1.5 billion cyberattack on cryptocurrency exchange Bybit to North Koreas state-sponsored Lazarus Group. The attack, which occurred on February 21, saw hackers infiltrate one of Bybits cold wallets and steal over 41,000 ETH.

This breach added to a growing list of high-profile cryptocurrency heists orchestrated by North Korean hacking entities.

US Authorities Sound Alarm on North Koreas Crypto Heists

In a joint Cybersecurity Advisory (CSA) issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department, authorities warned about the increasing cyber risks posed by North Korea-backed advanced persistent threat (APT) groups.

The Lazarus Group, also known by aliases such as APT38, BlueNoroff, and Stardust Chollima, has been conducting cyber theft operations since at least 2020. The entity has been known for systematically targeting cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn gaming platforms, as well as venture capital firms investing in digital assets.

The advisory outlined the groups tactics, which include social engineering, spearphishing campaigns, and the deployment of trojanized cryptocurrency applications to infiltrate networks and exfiltrate funds.

According to US authorities, North Korean hackers use sophisticated malware strains, including the notorious AppleJeus malware, to compromise cryptocurrency platforms. These cyber actors frequently exploit vulnerabilities in financial technology firms and blockchain infrastructure to launder stolen digital assets, ultimately funneling funds back to the North Korean regime.

TraderTraitor

The Bybit hack follows a familiar pattern, with attackers using deceptive recruitment tactics to lure employees into downloading compromised trading applications, referred to as TraderTraitor. These applications are designed with cross-platform JavaScript and Node.js to make them appear legitimate but contain hidden malware that allows attackers to gain unauthorized access to private keys and initiate fraudulent blockchain transactions.

With North Koreas cyber theft operations continuing to escalate, the US government has reiterated its commitment to combating illicit activities in the cryptocurrency sector. The FBI urges cryptocurrency firms to strengthen cybersecurity measures, monitor for indicators of compromise (IOCs), and implement robust security protocols to mitigate risks associated with North Korean-backed cyber threats.