FBI Issues Warning: Urgent Call to Block Transactions Linked to Bybit Hack

Key Takeaways:

• The Lazarus Group, which the FBI refers to as “TraderTraitor,” is attempting to launder funds.
• FBI urges crypto firms to freeze transactions related to the hackers.
• Entities with relevant information are encouraged to report to the FBI’s Internet Crime Complaint Center (IC3).

The FBI has issued a warning to cryptocurrency node operators, exchanges and private sector partners to coordinate their efforts to recover funds stolen in the massive $1.5 billion Bybit hack. As of February 21, this event has rocked the cryptocurrency space and law enforcement isn’t wasting any time.

The FBI confirms Lazarus Group (TraderTraitor) is behind the $1.5B Bybit hack.

The attack originated from a compromised Safe{Wallet} developer machine, allowing a malicious transaction to target Bybit’s multisig cold wallet.

The stolen funds are now being laundered across… pic.twitter.com/4j9jLAsWxl

— The Hacker News (@TheHackersNews) February 27, 2025

The hacker group, called TraderTraitor (and also known as the Lazarus Group, APT38, BlueNoroff, and Stardust Chollima), is quickly converting the stolen assets into Bitcoin and other virtual currencies, the FBI said in a public service announcement. These assets are then spread across many addresses on various blockchains. The FBI is concerned that these assets will now be laundered and ultimately made into fiat currency, a situation that will render their recovery more complex.

According to cryptocurrency analyst EmberCN, since Feb. 21, Bybit hackers have laundered more than 135,000 Ether (ETH). The bulk of these were liquid-staked Ether tokens. Notably, an astonishing 363,900 Ether worth about $825 million at current prices has not moved since the hack.

Bybit 黑客在过去 24 小时洗走了 4.59 万枚 ETH ($1.13 亿)。目前他们一共已经洗走了 13.5 万枚 ETH ($3.35 亿)，接近三分之一了。

现在 Bybit 黑客地址里还有 36.39 万枚 ETH ($9 亿)。以目前的频率只需要再有 8~10 天就洗完了。

本文由 #Bitget｜@Bitget_zh 赞助 https://t.co/nNwpWP0uEE pic.twitter.com/tpIi3LD7FU

— 余烬 (@EmberCN) February 26, 2025

More News: Bybit Hackers Accelerate $335M Laundering Spree: Can Trust Be Restored?

The price of ETH has been impacted by this event, experiencing fluctuations and a recent decline due to prevailing negative market sentiment.

According to crypto forensics firm Chainalysis, the hackers have already exchanged parts of the stolen Ether into Bitcoin (BTC), Dai (DAI) stablecoin and other cryptocurrencies using decentralized exchanges (DEX), cross-chain bridges and instant swap services that do not require KYC (Know Your Customer) identification. This makes it exceedingly difficult to follow the money.

For example, the hackers can use a DEX, such as Uniswap, to convert ETH to BTC without revealing any personal information.

In our latest blog, we look at how the near-$1.5 billion Bybit exploit occurred, the attackers’ link to the DPRK, and how we are collaborating with Bybit and law enforcement to help recover funds: https://t.co/MOh0JQZd9V pic.twitter.com/iIwF2xm1b0

— Chainalysis (@chainalysis) February 24, 2025

To stop this laundering operation, the FBI urges entities in the cryptocurrency industry to take decisive action:

• Block Transactions: Operators of remote procedure call (RPC) nodes, exchanges, bridges, blockchain analytics companies, decentralized finance (DeFi) service providers, and other organizations should take immediate action, when technically feasible, to block transactions pertaining to TraderTraitor. It takes constant vigilance and smart tracking tools to do this.
• Share: If you have relevant information about the incident, please alert the FBI’s Internet Crime Complaint Center (IC3). This information may involve suspicious transactions, unusual activities in the wallets, or possible leads on the hacking groups’ whereabouts.
• Monitor and Flag: Employ blockchain analytics tools to track and flag wallet addresses implicated in the Bybit hack. This helps stop any further movement of the stolen funds.

The FBI’s public service notice to halt transactions involving Bybit’s money launderers. Source: FBI

The FBI has published a list of 51 Ethereum addresses controlled by TraderTraitor or closely associated with the group. To stop the laundering process, the industry must refrain from processing transactions involving these addresses.

Blockchain analytics company Elliptic has already flagged 11,084 crypto wallet addresses suspected of being linked to the Bybit exploit. This highlights the increasing push to identify and disrupt the hackers’ financial networks.

More News: Bybit Suffers Massive $1.4 Billion Hack: What You Need to Know

The Bybit hack and subsequent money laundering attempts expose significant vulnerabilities in the crypto ecosystem. The incident reinforces the importance of strong security measures and the need for collaboration between organizations to deter and fight off crypto-related crimes.

The FBI’s preemptive action in seeking the cooperation of those involved in crypto is important in protecting the digital asset ecosystem and the safety of its users. However, much will depend on how well all parties cooperate in the implementation of these measures and are committed to them going forward.

Although the FBI is working to get the money back, the long-term effects of this hack could include stricter regulations and more oversight of cryptocurrency exchanges. For the industry, restoring trust and showing it can protect users’ assets will not be easy.

In related news, reports indicate that a Dubai-based firm lost $1.5 billion in crypto to North Korean-backed hackers, with possible links to the same heist, according to the FBI. The North Korean state media has been silent on the theft or the FBI accusation.

More News: 2024: A Bumper Year for Crypto Hackers – Centralized Services and Private Keys at Risk

Bybit has said that a routine transfer of ethereum — one of the most popular cryptocurrencies — from a so-called “cold” or offline wallet was “manipulated” by an attacker who moved the crypto to an unknown address.

In a further statement, the FBI has requested all crypto operators to refer to a list of 51 Ethereum addresses controlled or linked closely with TraderTraitor. These addresses should be blacklisted or avoided to prevent the laundering of the stolen funds within the industry.

The post FBI Issues Warning: Urgent Call to Block Transactions Linked to Bybit Hack appeared first on CryptoNinjas.