FBI says North Korea stole $US1.5b in cryptocurrency

It is a thoroughly modern heist that puts history's biggest bank robbery in the shade.
On the eve of the US-led invasion of Iraq in 2003, it took three trucks and a hand-written note from his dictator father for Qusay Hussein to make off with $US920 million-plus ($1.4 billion) in cash from the country's central bank.
In 2025, the big steal was a cashless transaction.
Instead of $US100 notes in boxes, the loot was a cryptocurrency called Ethereum.
It was taken not from a bank vault but a digital "wallet" belonging to a Dubai-based crypto exchange called Bybit.
It was valued at $US1.5 billion ($2.4 billion).
The alleged thieves were not even on the same continent.
They were in front of computer screens more than 6,000 kilometres away in the despotic hermit kingdom of Kim Jong Un.
Six days after the Bybit heist, the US Federal Bureau of Investigation said North Korea was responsible.
The massive theft rocked perceptions of crypto as a cyber safe haven.
It also hammered home what a happy hunting ground the digital realm has become for 21st century criminals.
Cyber crooks armed with malicious software codes and stolen digital keys can make off with the kind of hauls that put shotgun-wielding bank robbers to shame.
"We've never seen anything on this scale before," Nick Carlsen, a former FBI intelligence analyst with expertise in North Korea, told CNN.
"The ability of these illicit financial networks to absorb such huge amounts of money so quickly is deeply concerning."
The FBI said it referred to "this specific North Korean malicious cyber activity as 'TraderTraitor'", involving state-sponsored hackers known as the Lazarus Group.
The FBI has previously identified North Korean cyber actors as an "advanced persistent threat" since at least 2020.
It says they target players in cryptocurrency and blockchain technology, from video gamers to trading companies and venture capital funds, and even individuals with big crypto holdings.
They work by encouraging victims to download apps that allow them to secretly gain access to their computers and networks, a tactic known as "social engineering".
Other North Korean hackers the "BeagleBoyz" have used similar tactics to steal from banks around the world, including $US81 million from the Bank of Bangladesh in 2016, according to the FBI.
The FBI said the "TraderTraitor" actors had moved "rapidly" to launder their spoils from Bybit, converting the stolen money to Bitcoin and "other virtual assets dispersed across thousands of addresses on multiple blockchains".
"It is expected these assets will be further laundered and eventually converted to fiat currency," it said.
The news that Bybit had lost almost nine per cent of its total assets prompted a run on the world's second-largest cryptocurrency trading platform, with hundreds of thousands of customers seeking to withdraw funds.
There's no publicly available data on how much Australians have invested via the platform.
Million-dollar bounties for cyber sleuths
Bybit chief executive Ben Zhou said the company would wear the losses out of its own pocket on behalf of its more than 60 million customers.
The company released interim investigation reports from cybersecurity firms Sygnia and Verichains that suggested the cause of the attack was "malicious code" planted in a Bybit "cold wallet" — or offline digital storage system — on February 19 and activated two days later.
The storage was provided by another company, SafeWallet, and "no indication of compromise was identified within Bybit's infrastructure", according to Sygnia.
Verichains said on X that the attack was a "strong wake up call" that procedures like "private keys" for individual access to systems were "prone to exploitation and manipulation".
Bybit also put up a bounty for cyber sleuths who could help trace the stolen money through public digital "wallets".
It offered five per cent to people or companies who could get the money frozen.
It set up a website that already shows several bounties awarded, including to the blockchain company Mantle, which has earned an estimated $US2million ($3.2 million).
Mr Zhou said Bybit had "assigned a team to dedicate to maintain and update this website, we will not stop until Lazarus or bad actors in the industry is eliminated".
Other observers predict the heist will undermine public trust in cryptocurrency.
UK-based crypto fraud lawyer Louise Abbott told the BBC that "if such a hack can occur at this scale in the world's second-largest exchange, it can certainly happen again".