North Korea Hacked and Stole Cryptocurrencies to Finance Kim's Nuclear Program

The FBI has accused hackers linked to North Korea of carrying out one of the largest cryptocurrency thefts ever known, with a haul of approximately 1.5 billion dollars in ethereum, stolen from the Dubai-based cryptocurrency exchange firm, Bybit.

This attack, which occurred in early February 2025, represents a new attack carried out by a group of hackers known to the United States government as TraderTraitor, also related to the Lazarus Group.

The theft highlights North Korea's growing prowess in cybercrime and the use of these funds to finance its nuclear and ballistic missile programs, evading international sanctions.

According to the FBI, the strikers stole the cryptocurrencies through the distribution of modified cryptocurrency exchange applications, which contained malware designed to siphon funds.

The cryptocurrencies were transferred from a "cold wallet" of Bybit, a type of offline wallet considered secure, to an unknown address. The hackers used a sophisticated exploit through a fake interface, almost identical to Bybit's legitimate platform, to deceive users.

The stolen funds were quickly converted into Bitcoin and dispersed through thousands of addresses on different blockchains, which complicates the task of tracking and recovering the money.

This theft is one of the largest in blockchain history, even surpassing the billion-dollar theft carried out by Saddam Hussein through Iraq's central bank before the 2003 war.

The FBI has warned that the stolen assets are likely to be laundered and eventually converted into fiat money, which would further contribute to North Korea's finances.

The Lazarus Group, linked to North Korea, is known for carrying out cyberattacks for financial purposes, and the FBI has identified TraderTraitor as one of its recent operations.

Additionally, the South Korean intelligence agency has reported that between 2017 and 2023, North Korean hackers stole more than 3 billion dollars in cyberattacks, a large portion of which is believed to have been used to fund the development of weapons of mass destruction.

The impact of this theft has had significant repercussions in the cryptocurrency markets, where prices have fallen due to the uncertainty caused by the attack.

Despite this blow, the market overall benefited from the recent election of Donald Trump as president of the United States, which caused a temporary increase in Bitcoin prices, trading above 82,000 dollars, reaching the threshold of 100,000 dollars a month ago.

Meanwhile, Bybit, the affected platform, publicly acknowledged the attack and offered a reward of up to 140 million dollars for those who could help track the stolen funds.

The company explained that the attack occurred when a routine ethereum transfer, from a cold wallet to an online wallet, was manipulated. Manuel Villegas, an analyst at Julius Baer, described the attack as highly sophisticated, highlighting that the manipulation of the cold wallet involved a "blind signature exploit," a method of deception through a fake interface that presented itself as legitimate.

Analysts from Certik, a blockchain analysis firm, described this theft as the largest breach in the history of cryptocurrency transactions. Additionally, the FBI warned that the investigation into the attack continues, and that the stolen funds could be used to finance more malicious activities by North Korea.

The North Korean regime has resorted to cybercrime as one of its main sources of foreign currency, due to the country's economic isolation and the severe international sanctions it has faced.

Despite economic difficulties, Kim Jong-un's regime has managed to make significant advances in its missile and nuclear weapons program. In addition to cyberattacks, North Korea has supplied weapons and troops to Russia, in exchange for money and technology, in the context of Russia's war with Ukraine.

A report from the blockchain analysis firm Chainalysis indicated that hackers linked to North Korea stole more than 1.3 billion dollars in cryptocurrencies in 2024, a significant increase from the 660 million dollars stolen in 2023.