Explained | How North Korean hackers pulled off the 'biggest heist' in history

Blockchain research firm Elliptic said the hack was more than double the last-biggest crypto heist and 'is almost certainly the single largest known theft of any kind in all time.'
DH Web Desk

ByBit logo.

Credit: X/@Bybit_Official

Cryptocurrency exchange Bybit said last week hackers had stolen digital tokens worth around $1.5 billion, in what researchers called the biggest crypto heist of all time.


Bybit CEO Ben Zhou said the crypto was taken from a "cold wallet" - a digital wallet usually stored offline and so supposedly more secure - that was used for ether tokens.

Blockchain research firm Elliptic said the hack was more than double the last-biggest crypto heist and "is almost certainly the single largest known theft of any kind in all time."

The crypto industry has suffered a series of thefts, prompting questions about the security of customer funds, with hacking hauls totalling more than $2 billion in 2024 - the fourth straight year in which proceeds have topped $1 billion.

The Federal Bureau of Investigation (FBI) said on Wednesday that North Korea was responsible for the theft.

The agency said it refers to this specific North Korean malicious cyber activity as "TraderTraitor".

"TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains," it said in a public service announcement.

The FBI said it expects the assets to be further laundered and eventually converted to fiat currency.

How did they do it?

According to a report by The Independent, the North Korea-backed group, known as Lazarus, has previously caused worldwide chaos through the 2017 WannaCry ransomware attacks, which infected 200,000 computers across 150 countries, including those of the UK's NHS.

Explaining how the theft occurred, Shahar Madar, vice president of security and trust at blockchain platform Fireblocks, told The Independent, “A security system is only as strong as its weakest link. In Bybit’s case, there was a security loophole when Ledger [a hardware wallet] and Safe{Wallet} [a digital wallet app] were used together.”

“Hackers likely used malware to secretly modify what users saw on the Safe{Wallet} interface. Users thought they were approving a normal transaction, when in reality, they were approving a different, manipulated one. Ledger required users to approve transactions without showing full details (known as ‘blind signing’). This meant users couldn’t see what they were actually approving, making it easy for hackers to trick them,” he added.
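The mechanism Madar describes, a tampered front end feeding a hardware wallet that shows only a digest, as an added simulation that is not part of the original article or of any Bybit, Safe or Ledger code. It uses sha256 over a canonical JSON encoding as a stand-in for the real Safe EIP-712 transaction hash, and every address and amount is a constructed placeholder; the check it demonstrates is the signer recomputing the digest from an independent copy of the intended transaction and refusing to sign on a mismatch.

```python
import hashlib
import json

CALL, DELEGATECALL = 0, 1  # Safe 'operation' values: plain call vs. delegatecall

def safe_tx_digest(tx: dict) -> str:
    """Digest a Safe-style transaction. sha256 over canonical JSON is an
    assumption standing in for the real EIP-712 safeTxHash."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

# Constructed example: the ether transfer the operator intends to approve.
INTENDED_TX = {"to": "0xWARM_WALLET_PLACEHOLDER", "value": 30_000,
               "data": "0x", "operation": CALL}

def honest_ui(intended: dict) -> tuple[dict, dict]:
    """Untampered front end: what is rendered is what goes to the signer."""
    return dict(intended), dict(intended)

def compromised_ui(intended: dict) -> tuple[dict, dict]:
    """Tampered front end: renders the intended transaction but hands the
    signer a different one (constructed here as a delegatecall elsewhere)."""
    shown = dict(intended)
    submitted = dict(intended, to="0xATTACKER_CONTRACT_PLACEHOLDER",
                     operation=DELEGATECALL)
    return shown, submitted

def blind_signing_device(submitted: dict) -> str:
    """Hardware wallet that cannot decode the payload: it displays only the digest."""
    return safe_tx_digest(submitted)

def sign(intended: dict, ui, verify_digest: bool):
    """Run the approval flow. Returns the transaction that actually gets signed,
    or None if the signer refuses. With verify_digest=True the signer compares
    the device's digest with one recomputed from its own copy of the intent."""
    shown, submitted = ui(intended)
    if shown != intended:
        return None                      # visible tampering: the easy case
    device_digest = blind_signing_device(submitted)
    if verify_digest and device_digest != safe_tx_digest(intended):
        return None                      # digest mismatch: the payload was swapped
    return submitted                     # approved as shown on the device

if __name__ == "__main__":
    print("no check  :", sign(INTENDED_TX, compromised_ui, verify_digest=False))
    print("with check:", sign(INTENDED_TX, compromised_ui, verify_digest=True))
```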

Elliptic wrote in its blog post, "North Korea's Lazarus Group is the most sophisticated and well-resourced launderer of cryptoassets in existence, continually adapting its techniques to evade identification and seizure of stolen assets. The transparency of blockchains means that this transaction trail can be followed, but these layering tactics can complicate the tracing process, buying the launderers valuable time to cash-out the assets."

The firm has been working alongside Bybit to help the crypto exchange recover its assets. The heist has had a massive effect on crypto values, with Bitcoin falling to its lowest since November 11.

Bybit CEO Zhou has called for a “war against Lazarus”, issuing a $140 million bounty to recover the funds and provide information about the group.

“We have shared in a dark moment of crypto history, and we’ve proven we are better than the malicious actors,” said Zhou, adding, “We will not stop until Lazarus or bad actors in the industry are eliminated.”

(With Reuters Inputs)

(Published 28 February 2025, 12:06 IST)