North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
The haul, which reportedly has since lost some of its value, exceeded the previous record sum of $1bn stolen by the dictator Saddam Hussein from Iraq’s central bank before the 2003 war, and underlines the North’s growing expertise in cybercrime.
Describing this particular form of North Korean malicious cyber activity as “TraderTraitor”, the FBI on Wednesday warned that the virtual assets, stolen from ByBit, a Dubai-based crypto trading platform, would eventually be turned into currency. The bureau added that it expected the assets would be further laundered and eventually converted to fiat currency – a normal, government-backed currency that is not tied to commodities such as gold
North Korea is known to operate a sophisticated cybercrime unit – known as the Lazarus Group – that has been responsible for audacious thefts whose proceeds are thought to have funded the regime’s nuclear and ballistic missile programmes.
Hackers linked to North Korea stole more than US$1.3bn in cryptocurrency in 2024 – then a record amount – according to a report published in late December. The thefts were spread out over 47 incidents, the blockchain analysis firm Chainalysis said, adding that the total was a dramatic jump from the $660m seized in 2023.
“Hackers linked to North Korea have become notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions,” Chainalysis said in its report.
UN officials monitoring sanctions imposed on North Korea believe that the proceeds from dozens of suspected cyber-attacks the regime carried out between 2017 and 2023 were used to improve its nuclear weapons programme.
While his country’s economy has been battered by sanctions, the Covid-19 pandemic and natural disasters, Kim Jong-un has in recent years overseen significant improvements to North Korea’s potential to strike distant targets, including the US mainland.
Cybercrime is not the only means by which the regime earns foreign currency. Kim’s regime has supplied weapons, ammunition and troops to support the Russian invasion of Ukraine in exchange for cash and technological knowhow.
South Korea’s spy agency claimed on Thursday that Pyongyang had sent more soldiers to Russia, with some deployed to the frontline in Kursk, in addition to about 11,000 North Korean troops already thought to be in the Russian border region.
“The North Korean military, after a lull of about a month, was redeployed to the Kursk frontlines … with some additional troop deployments appearing to have taken place,” an official from the South’s National Intelligence Agency told Agence France-Presse, adding: “The exact scale is still being assessed.”
Another source of foreign currency has returned to North Korea in the past week, as it welcomed a small number of international tourists, including from the UK, France and Australia, for the first time since the pandemic.
Officials are reportedly hoping to attract large numbers of tourists from Russia, some of whom visited last year, and from China. The US, however, has banned its citizens from entering the country since 2017.
The victim of the latest heist, ByBit, said an attacker had gained control of an ether wallet and transferred the holdings to an unidentified address.
The exchange caters to more than 60 million users worldwide and offers access to various cryptocurrencies, including bitcoin and ether. Bybit had in recent days called on the “brightest minds” in cybersecurity to help it recover the $1.5bn.
www.theguardian.com
