ICE Lazarus Group Steals $1.5 Billion in Ethereum from Bybit – FBI Confirms North Korea’s Involvement The US Federal Bureau of Investigation announced that hackers from North Korea stole $1.5 billion in Ethereum from the Bybit crypto exchange. The attack took place on February 21, 2025, and some of the stolen funds were converted into Bitcoin. The FBI linked the attack to the Lazarus Group, which operates with the support of the North Korean government.
The hack occurred on February 21, when hackers exploited a vulnerability in the Bybit exchange’s cold wallet. The funds were stolen by subverting the wallet interface, which allowed the attackers to transfer 400,000 ETH to dozens of anonymous wallets What is TraderTraitor? The hackers used TraderTraitor, a specialized malware disguised as a legitimate cryptocurrency trading tool. TraderTraitor is built on Electron and Node.js and can hack cryptocurrency exchange systems. Bybit’s Reaction Ben Zhou, the exchange’s founder, admitted that 70% of Ethereum assets were compromised, but assured that the exchange’s main cold wallet is safe. Bybit announced a reward of $140 million for stolen assets or information that will help find the hackers. The company said this.
Lazarus Group – who are they? (APT38, BlueNoroff, Stardust Chollima) – a hacking group associated with the North Korean government; known for attacks on banks, crypto exchanges and financial institutions since 2017. In total, the group stole about $3 billion to finance North Korean programs.
Reaction of authorities and crypto community The FBI has already called on crypto companies to provide a list of wallets to which stolen assets were sent and to block transactions. Experts warn that the use of cold wallets does not guarantee 100% security, as attacks are becoming increasingly sophisticated.
70 
65 