The United States Federal Bureau of Investigation (FBI) has accused North Korea of orchestrating a massive cryptocurrency theft amounting to $1.5 billion, marking the largest such heist in history.
In a statement issued on Wednesday, the agency claimed that the cybercriminal group known as TraderTraitor, also referred to as the Lazarus Group, was behind the attack on Dubai-based cryptocurrency exchange Bybit.
Bybit had earlier reported a loss of 400,000 Ethereum, which was siphoned off after hackers exploited security loopholes during a transaction. The assets were then transferred to an undisclosed address.
“The Democratic People's Republic of Korea (DPRK) was responsible for the theft of approximately $1.5 billion in virtual assets from cryptocurrency exchange, Bybit,” the FBI stated in a public advisory.
The agency further noted that the stolen assets were being rapidly moved across various blockchains and converted into Bitcoin and other digital currencies. “It is expected these assets will be further laundered and eventually converted to fiat currency,” the statement added.
Lazarus Group’s cyber trail
Lazarus Group, which first gained international attention nearly a decade ago for hacking Sony Pictures in retaliation for “The Interview”—a film satirising North Korean leader Kim Jong Un—has been linked to multiple high-profile cyber heists.
In 2022, the group was allegedly behind the $620 million hack of the Ronin Network, which previously held the record for the largest cryptocurrency theft. The group was also implicated in a December 2023 cyberattack on Japan-based DMM Bitcoin, in which it reportedly stole over $300 million.
North Korea’s cyber-warfare operations date back to at least the mid-1990s. A US military report in 2020 revealed that the country had developed a 6,000-strong cyber unit known as Bureau 121, operating from multiple locations, including China and Russia.
A United Nations panel investigating North Korea’s sanctions evasion estimated last year that Pyongyang had stolen over $3 billion in cryptocurrency since 2017. The funds, according to the panel, are used to finance the country’s nuclear weapons programme.
The hacking operations are reportedly overseen by North Korea’s Reconnaissance General Bureau, its primary intelligence agency.
Despite international sanctions and warnings from Western intelligence agencies, North Korea has continued to expand its cyber capabilities, posing a significant threat to global financial and security institutions.