The FBI has sounded the alarm on the largest crypto heist in history, urging exchanges and blockchain providers to freeze stolen Bybit funds before they vanish.
The FBI has called on cryptocurrency exchanges and blockchain node operators to freeze transactions associated with the Bybit hackers, escalating efforts to track and prevent the laundering of stolen funds.
The FBI has confirmed that North Korea-backed hackers, widely referred to as the Lazarus Group, were behind the Feb. 21 attack, using the alias TraderTraitor for the cybercriminal syndicate. The agency noted that TraderTraitor has been linked to multiple large-scale crypto thefts, including the Ronin Bridge hack in 2022.
FBI Warns of Rapid Fund Laundering
According to the FBI’s statement, the Bybit hackers have already laundered over 135,000 ETH, primarily liquid-staked ETH, since the breach, with another 363,900 ETH ($825 million) still sitting untouched in hacker-controlled wallets.
“TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI noted in its Feb. 26 advisory.
The agency warned that the stolen funds would likely be further laundered and eventually converted to fiat currency, reinforcing the urgency for crypto platforms to intervene.
Exchanges, Bridges, and DeFi Services Asked to Block Transactions
To combat the illicit movement of funds, the FBI has called on:
- Remote Procedure Call (RPC) node operators
- Crypto exchanges
- Blockchain analytics firms
- Decentralized finance (DeFi) service providers
- Cross-chain bridge operators
These entities have been urged to block transactions from 51 Ethereum addresses controlled by TraderTraitor or linked to the Bybit exploit.
Elliptic Flags Thousands of Suspicious Wallets
In a separate investigation, blockchain analytics firm Elliptic has flagged over 11,084 crypto wallet addresses suspected of holding or transacting stolen Bybit funds. Meanwhile, Chainalysis reported that hackers have already swapped portions of stolen Ether for Bitcoin, Dai, and other assets via decentralized exchanges, cross-chain bridges, and instant swap services that lack KYC protocols.
The FBI has requested anyone with relevant information to report suspicious activity to its Internet Crime Complaint Center.
What’s Next?
The FBI’s involvement marks a growing global crackdown on crypto-based cybercrime, with greater coordination between law enforcement and the crypto industry to track illicit funds. As exchanges and blockchain service providers tighten security measures, the effectiveness of blocking stolen assets could set a precedent for future enforcement actions against state-sponsored hacking groups like Lazarus.
With the largest crypto heist on record unfolding, the FBI’s response could redefine how authorities and exchanges combat cybercrime, setting a precedent for future attacks.
