FBI Urges Crypto Exchanges and Node Operators to Block Transactions Linked to Bybit Hackers

The FBI is calling on crypto node operators, exchanges, and various private sector entities to block transactions tied to the hackers responsible for the $1.4 billion Bybit heist. In a recent public service announcement, the U.S. law enforcement agency confirmed that North Korea was behind the attack, which took place on October 21, 2024. The operation, dubbed “TraderTraitor” by the FBI, is linked to the notorious Lazarus Group, also known by other aliases such as APT38, BlueNoroff, and Stardust Chollima.

North Korean Hackers Behind the Bybit Heist

The FBI's recent statement on February 26 shed light on the rapid movements of the stolen assets, with the hacker group quickly converting portions of the loot into Bitcoin and other virtual currencies. These assets have been spread across numerous addresses on multiple blockchains, raising concerns that further laundering efforts are imminent. The stolen funds are expected to eventually be converted into fiat currency, posing a significant risk to global financial security.

The FBI’s notice highlights the growing sophistication of cybercrime groups linked to North Korea, noting the group's tendency to use decentralized exchanges, cross-chain bridges, and instant swap services that bypass traditional Know Your Customer (KYC) protocols.

Urgent Call for Action Across the Crypto Ecosystem

In light of these developments, the FBI has called on a wide range of industry players to take immediate action. Specifically, the agency is urging Remote Procedure Call (RPC) node operators, exchanges, blockchain analytics firms, decentralized finance (DeFi) platforms, and other related service providers to block transactions from any addresses connected to the TraderTraitor operation.

As part of its ongoing efforts to stop the hackers from laundering the stolen funds, the FBI has shared a list of 51 Ethereum addresses associated with the criminals. These addresses have been flagged as crucial for industry players to avoid engaging with. Additionally, blockchain analytics firm Elliptic has flagged over 11,000 crypto wallet addresses believed to be linked to the Bybit exploit, further complicating the task of tracing and blocking these illicit funds.

Unused Funds Remain in Limbo

Despite the swift movement of much of the stolen crypto, a significant portion of the hack remains untouched. As of now, 363,900 Ether—valued at approximately $825 million—has not been moved since the attack. This remaining portion of the stolen funds adds an extra layer of urgency for law enforcement and crypto industry participants to act quickly.

The Role of the Crypto Industry

The FBI’s call to action highlights the critical role that the private sector plays in the fight against crypto-related crime. As crypto continues to become more integrated into the global financial system, the need for robust collaboration between law enforcement and industry players has never been more pressing. By blocking transactions linked to hackers and actively preventing the further laundering of funds, exchanges, node operators, and other service providers can help stem the tide of illicit activities.

A Request for Information

The FBI has also called on anyone with valuable information about the hack to come forward. Individuals with relevant details are encouraged to contact the FBI’s Internet Crime Complaint Center to aid in the investigation.

As the investigation continues, the FBI and other law enforcement agencies are working tirelessly to trace the remaining stolen assets, with hopes of preventing them from reaching their final destination: the North Korean regime’s coffers. The collaboration between government agencies and the crypto industry will be key to ensuring that the perpetrators are brought to justice, and the flow of illicit funds is halted.