FBI accuses North Korean-backed hackers of stealing $1.5 billion in crypto from Dubai-based firm


The Hill, 27-02-2025

ROME (AP) — The FBI has accused North Korean-linked hackers of conducting one of the largest thefts of cryptocurrency publicly known, seizing some $1.5 billion worth of ethereum from a Dubai-based firm.
The theft earlier this month targeting Bybit, one of the world's largest crypto exchanges, represents yet another involving a team of hackers identified by the U.S. government by the names TraderTraitor and the Lazarus Group.
The hackers steal cryptocurrency 'through the dissemination of cryptocurrency trading applications that were modified to include malware that facilitates theft of cryptocurrency,' the FBI has said.
FBI issues warning linking Pyongyang to theft
In an online public service announcement late Wednesday, the FBI said it believed the North Korean-backed hackers were 'responsible for the theft.'
'TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,' the FBI said in its announcement. 'It is expected these assets will be further laundered and eventually converted to fiat currency.'
North Korean state media has not acknowledged either the theft or the FBI accusation. Pyongyang's mission to the United Nations in Geneva did not immediately respond to a request for comment from The Associated Press.
North Korean thefts reportedly fund nuclear weapons program
However, North Korea has stolen an estimated $1.2 billion in cryptocurrency and other virtual assets in the past five years, according to South Korea's spy agency. It represents a rare source of badly needed foreign currency to support its fragile economy and fund its nuclear program in the face of intense U.N. sanctions and North Korea's strict border closures during the coronavirus pandemic.
A U.N. experts panel separately said it was investigating 58 suspected cyberattacks by North Korea between 2017 and 2023 that saw some $3 billion stolen to 'reportedly help to fund the country's development of weapons of mass destruction.'
Bybit co-founder and CEO, Ben Zhou, acknowledged the FBI's announcement in a post on the social platform X by linking to a website offering $140 million in bounties for tracking the stolen crypto and getting it frozen by other exchanges.
Bybit has said a routine transfer of ethereum, one of the most popular cryptocurrencies, from a so-called 'cold' or offline wallet was 'manipulated' by an attacker who transferred the crypto to an unidentified address. The blockchain analytics firm Certik has described the theft as 'the largest breach' in the history of blockchain transactions.
The theft has seen overall crypto prices drop in recent days as investors in part have been spooked by the hack despite the industry getting a boost from the election of U.S. President Donald Trump. Industry leader Bitcoin traded over $82,000 a coin on Thursday, down from a high of over $100,000 a month ago.
