World's biggest digital heist (worth $1.5 billion) happened last Friday, and the FBI just confirmed who did it

The FBI has officially named North Korea as the culprit behind last Friday’s record-breaking cryptocurrency heist, which siphoned $1.5 billion from Dubai-based exchange Bybit. The theft, now labeled the largest digital asset robbery in history, sent shockwaves through the crypto industry and exposed critical vulnerabilities in even the most fortified systems.

Bybit first flagged the breach hours after it occurred, revealing that attackers had drained over 400,000 Ethereum and staked Ethereum tokens from a supposedly secure “multisig cold wallet.” These wallets, designed to require multiple high-level approvals for transfers, are considered among the safest ways to store crypto. Yet hackers somehow bypassed these safeguards, moving funds to a hot wallet before spiriting them away.

Investigators quickly zeroed in on North Korea’s Lazarus Group, a state-backed hacking collective notorious for funding weapons programs through cybercrime. Blockchain analysts at Elliptic traced the stolen funds through a maze of wallets and exchanges, spotting patterns unique to Lazarus. Their report highlighted how the group swapped tokens for Ether, then scattered the loot across 50 wallets, a classic laundering tactic.

The breach didn’t rely on code exploits or infrastructure hacks. Instead, Lazarus manipulated Bybit’s user interface, tricking employees into approving malicious transactions. Security firms Check Point and Trail of Bits noted the hackers likely used malware to alter how transaction details appeared on screens, masking the theft as routine transfers. This “UI manipulation” allowed them to bypass multiple approvals undetected.

Bybit assured users that only Ethereum wallets were compromised, insisting other assets and customer funds remained safe. The exchange is working with forensic experts to track the stolen crypto, though recovery seems unlikely. Lazarus has already funneled millions through eXch, an anonymous exchange ignoring pleas to halt transactions.

North Korea’s crypto theft spree, now reportedly exceeding $6 billion since 2017, underscores the growing sophistication of state-sponsored cybercrime. The Bybit heist, however, marks a grim milestone. Experts warn that without stricter security protocols and international cooperation, such attacks will only escalate.

For now, the crypto world is left grappling with a harsh truth: No vault, digital or physical, is impervious when human judgment can be hacked.

For a deeper dive into the technical breakdown of the attack, I’d recommend reading Ars Technica’s report.