Bybit Hacking: The FBI Orders Crypto Exchanges To Block Suspicious Transactions

The FBI is calling on node operators and crypto exchanges to block transactions linked to the record hack of Bybit. The American federal agency confirms the involvement of the North Korean group Lazarus in this theft of $1.4 billion and is taking measures to prevent money laundering.

The FBI mobilizes the crypto industry against North Korean hackers

On February 26, 2025, the Federal Bureau of Investigation (FBI) launched a public appeal urging node operators, exchanges, and other players in the crypto sector to block transactions related to the massive hack of Bybit.

This attack, which occurred on October 21, allowed hackers to steal $1.4 billion, mainly in Ether (ETH), making this hack one of the largest in cryptocurrency history.

The American agency has formally attributed this cyberattack to the North Korean group Lazarus, which it designates by the code name “TraderTraitor” (also known as APT38, BlueNoroff, and Stardust Chollima). This group is notoriously known for its sophisticated operations targeting the financial sector and particularly the crypto ecosystem.

The FBI investigators have shared a list of 51 Ethereum addresses directly linked to the hackers, but the blockchain analysis company Elliptic has already identified more than 11,000 suspicious wallets involved in this operation.

“The TraderTraitor actors act quickly and have converted some of the stolen assets into bitcoin and other cryptocurrencies, dispersed across thousands of addresses on multiple blockchains“, specifies the FBI in its press release.

A race against time to prevent money laundering

Investigations conducted by analysts like ZachXBT and Arkham Intelligence have revealed a troubling element: the same wallets involved in the Bybit hack were also used in the Phemex hack in January 2025. This direct link, established on-chain, proves that the Lazarus group consolidates stolen funds from different attacks before starting its money laundering operations.

Since the October incident, the hackers have already managed to launder over 135,000 Ether, worth approximately $305 million at current rates. However, an additional 363,900 ETH, valued at around $825 million, remain untouched in the hackers’ wallets. These funds are likely to be gradually converted into bitcoin, stablecoins like DAI, or fiat currency.

The attack method used against Bybit was particularly ingenious: the hackers deployed a fake smart contract that deceived signers and compromised a multi-signature Ethereum wallet.

To launder the stolen funds, they use a toolkit of sophisticated techniques: decentralized exchanges, cross-chain bridges, instant exchange services without KYC, and mixers like Tornado Cash that make transactions practically untraceable.

This hacking incident is part of an alarming trend. In 2024, North Korean hackers are estimated to have already stolen $1.34 billion in digital assets, representing a 102% increase compared to 2023. Among their notable victims are the Ronin network ($600 million) and WazirX ($230 million).

In the face of this unprecedented threat, collaboration between authorities and crypto players becomes vital. The FBI is intensifying its actions in this sector, as evidenced by the search at the CEO of Polymarket last November. This increasing involvement of American authorities in the crypto universe raises both hopes and questions.