North Korea was behind the theft of about $1.5 billion in virtual assets from cryptocurrency exchanges, the FBI said in what is called the biggest robbery in history.
The haul, which reportedly lost some of its value, exceeded the previous record total of $1 billion stolen by dictator Saddam Hussein from the Iraqi central bank before the 2003 war, highlights the North's growing expertise in cybercrime.
By describing this particular form of North Korea's malicious cyber activity as “Tradertraitor,” the FBI warned on Wednesday that virtual assets stolen from Bybit, a Dubai-based crypto trading platform, will eventually turn into currency.
“The Traderraitor actors are moving forward quickly, converting some of the stolen assets into Bitcoin and other virtual assets distributed across thousands of addresses on multiple blockchains,” the FBI statement said.
The bureau added that it hopes that the assets will be washed further and eventually converted into Fiat currency, a government-backed currency that is not tied to goods such as gold.
North Korea is known to run a sophisticated cybercrime unit known as the Lazarus Group. It is responsible for the bold theft that is believed to fund the administration's nuclear and ballistic missile programme.
The North-linked hackers stole over US$1.3 billion (and subsequently a record amount) in cryptocurrency in 2024, according to a report released in late December. The theft was distributed across 47 cases, blockchain analytics firm Chain Orisis added that it was a dramatic jump from the $660 million seized in 2023.
“North Korea-linked hackers have become infamous for their sophisticated and unrelenting commerce, often employing advanced malware, social engineering and cryptocurrency theft to fund state-sponsored businesses and avoid international sanctions.
UN officials monitoring sanctions imposed on North Korea believe revenues from dozens of cyberattacks that the administration took place in 2017-2023 used to improve its nuclear weapons programme.
While his country's economy has been abused by sanctions, the Covid-19 pandemic and natural disasters, Kim Jong-un has in recent years oversaw a significant improvement on North Korea's potential to attack distant targets, including the US mainland.
Cybercrime is not the only way the administration can acquire foreign currency. In exchange for cash and technology know-how, the Kim administration supplied weapons, ammunition and troops to support Russia's invasion of Ukraine.
South Korean spy agencies on Thursday alleged that Pyongyang had dispatched more soldiers to Russia, some of which had been deployed to the frontline of Kursk, and about 11,000 more North Korean troops were already believed to be in the Russian border area.
“The North Korean forces have been relocated to the frontlines of Kursk after about a month of lulling. It appears that additional troops have been deployed,” a Southern National Intelligence official told Agence France-Presse, adding that “the exact size is still being assessed.”
For the first time since the pandemic, another source of foreign currency has returned to North Korea over the past week as it welcomed a small number of international tourists, including the UK, France and Australia.
Authorities reportedly hope to attract many tourists from Russia, which visited from China last year. However, the US has banned citizens from entering the country since 2017.
Bybit, the victim of the latest robbery, said the attacker gained control of the ether wallet and moved his holdings to an unidentified address.
Exchange serves over 60 million users worldwide and provides access to a variety of cryptocurrencies, including Bitcoin and ether. Bybit recently called for the “brightest mind” of cybersecurity, helping to recover $1.5 billion.
