Crypto Theft Impact Calculator
How much did North Korea steal?
The February 2025 ByBit hack stole $1.5 billion worth of Ethereum, later converted to Bitcoin. This calculator shows what this amount could fund for North Korea's weapons programs.
Real-World Impact
On February 21, 2025, one of the biggest cryptocurrency heists in history happened. Hackers linked to North Korea stole $1.5 billion worth of Ethereum from Bybit, a top global crypto exchange. That’s more than the entire amount stolen by North Korean hackers in all of 2023. And it wasn’t just a lucky break-it was a carefully planned, state-backed operation called TraderTraitor, run by a secretive unit inside North Korea’s military intelligence agency.
How Did They Break Into Bybit’s Cold Wallets?
Most people think cold wallets are unbreakable. They’re offline, stored in secure vaults, protected by multi-signature keys-no internet connection means no remote hack. But the TraderTraitor group didn’t try to break in from the outside. They went after the people, the processes, and the gaps in between. Experts from TRM Labs believe this was either a supply chain attack, an insider leak, or a direct compromise of private keys. That means the hackers likely got their hands on the actual cryptographic keys needed to move the funds-not by brute force, but by sneaking malware into software updates, bribing employees, or exploiting a forgotten backdoor in the exchange’s internal tools. Bybit used a 5-of-7 multi-sig system, meaning five out of seven keys were needed to authorize a transfer. But if even one of those keys was compromised, the whole system collapsed. The attackers didn’t waste time. Within minutes, they moved the stolen Ethereum through cross-chain bridges to Binance Smart Chain, Solana, and other networks. Why? To muddy the trail. Each time they switched chains, the transaction history got harder to follow. Then they converted most of it into Bitcoin-because Bitcoin is easier to hide in large amounts, and it’s the most widely accepted crypto for OTC (over-the-counter) trades, where anonymity is still possible.Who Is TraderTraitor?
TraderTraitor isn’t a name you’ll find in North Korean military manuals. It’s an FBI codename for a specialized cyber unit under the 3rd Bureau of the Reconnaissance General Bureau (RGB). This is the same group behind the Lazarus Group, which has been linked to the Sony Pictures hack, the WannaCry ransomware attack, and dozens of crypto thefts since 2017. But TraderTraitor is different. While other Lazarus units focused on phishing and malware, TraderTraitor operates like a Wall Street hedge fund with weapons-grade hacking skills. They don’t just steal-they launder, move, and convert assets with military precision. They’ve been active since at least 2022. They’ve compromised cloud services like JumpCloud, hacked software vendors, and even manipulated legitimate crypto transactions to siphon off funds without triggering alarms. What makes them dangerous isn’t just their tech-it’s their strategy. They’ve moved away from using mixing services like Tornado Cash (which are now heavily monitored). Instead, they flood the network. Thousands of tiny transactions. Dozens of blockchains. Hundreds of wallets. It’s not about hiding one big transfer-it’s about drowning analysts in noise.Why Target Crypto Exchanges?
North Korea doesn’t have access to global banking systems. Sanctions block them from buying oil, weapons, or tech with cash. But crypto? Crypto is borderless, unregulated in many places, and easy to move in large chunks. Crypto exchanges are the perfect target: they hold billions in digital assets, often with weaker security than banks, and they’re forced to move fast to keep up with market demands. In 2024, North Korea pulled off 47 separate crypto heists totaling $800 million. The ByBit hack alone was nearly double that. The U.S. Treasury estimates that about half of North Korea’s foreign currency income now comes from cybercrime. And according to a United Nations report, that money funds their nuclear weapons program. This isn’t just a financial crime. It’s a national security threat. Every dollar stolen from Bybit could be buying missile parts, uranium, or satellite tech.
What Did the FBI Do?
The FBI’s response to the ByBit hack was unusually fast. Within 72 hours, they publicly named the group as TraderTraitor and released a list of over 200 compromised Ethereum and Bitcoin addresses. They didn’t just warn exchanges-they demanded action. They asked every major crypto platform, DeFi protocol, and blockchain analytics firm to block transactions from those addresses. RPC node operators were instructed to refuse requests from known malicious IPs. Exchanges were told to freeze any incoming funds linked to the stolen wallet cluster, labeled “Bybit Exploiter Feb 2025” by TRM Labs. This level of coordination between government and private industry is rare. It shows how seriously the U.S. now views crypto theft as a strategic threat. For the first time, a cyberattack on a private exchange was treated like a military strike.What Does This Mean for Crypto Security?
The ByBit hack shattered a myth: cold storage isn’t foolproof. If a state actor with unlimited resources, patience, and skilled engineers wants your keys, they’ll find a way. Multi-sig isn’t magic. Offline storage isn’t safe if someone inside the company is compromised. Exchanges now face a new reality. They need to assume they’ll be targeted-and plan for it. That means:- Regular third-party audits of internal access controls
- Hardware security modules (HSMs) with geographically distributed key shards
- Behavioral AI monitoring for unusual employee activity
- Real-time transaction anomaly detection across all chains
- Strict separation between wallet management and customer support teams
Where Is the Money Now?
After the initial flurry of transfers, most of the stolen Bitcoin went quiet. The hackers stopped moving it. Why? Because large-scale liquidation is risky. Selling $1.5 billion worth of Bitcoin on an exchange would crash the market and draw attention. So they’re waiting. They’re likely using OTC desks-private, off-exchange brokers that deal in huge sums without public records. Or they’re holding it in cold wallets across multiple jurisdictions, waiting for market conditions to improve. TRM Labs is still tracking the funds. So far, less than 15% has been cashed out. That means the majority is still out there-waiting. And if it ever hits the market in bulk, it could trigger a massive price drop.What’s Next?
This wasn’t a one-off. It was a test. A proof of concept. North Korea proved they can steal billions from the world’s most secure exchanges. And they’ve shown they can do it without leaving obvious traces. Expect more. Bigger. Smarter. Faster. Governments are scrambling to respond. The EU is drafting new crypto regulations. The U.S. is pushing for global sanctions on crypto mixers and OTC brokers that enable laundering. But the arms race is already underway. North Korea is training more hackers. They’re building new tools. And they’re learning from every mistake. The bottom line? Crypto security is no longer just about encryption and passwords. It’s about human behavior, supply chains, insider threats, and state-level cyber warfare. And if you’re holding crypto on an exchange, you’re trusting someone else’s security-and right now, that’s a gamble no one should take lightly.Who was behind the ByBit hack?
The FBI attributed the hack to a North Korean state-sponsored hacking group called TraderTraitor, part of the 3rd Bureau of the Reconnaissance General Bureau. This unit specializes in stealing cryptocurrency and has been active since at least 2022.
How much was stolen in the ByBit hack?
Approximately $1.5 billion USD in Ethereum was stolen, making it the largest cryptocurrency heist in history. The attackers later converted most of it into Bitcoin for easier laundering.
How did hackers bypass Bybit’s cold wallet security?
Cold wallets are offline, but the attackers likely compromised private keys through a supply chain attack, insider threat, or advanced malware that slipped past multi-signature protections. It wasn’t a remote hack-it was a human or procedural flaw.
Why is North Korea stealing crypto?
North Korea uses crypto theft to bypass international sanctions. Roughly half of its foreign currency income comes from cybercrime, and this money funds its nuclear weapons and missile programs.
Is my crypto safe on exchanges?
No exchange is 100% safe from state-sponsored attacks. If you’re holding large amounts, consider self-custody with a hardware wallet and strong personal security practices. Never store keys on devices connected to the internet.
What’s being done to stop future hacks?
The FBI and blockchain analytics firms are blocking known stolen addresses. Exchanges are improving internal controls, using AI to detect anomalies, and adopting decentralized custody models. Governments are pushing for global regulations on OTC trading and crypto bridges.
Emily Unter King
November 5, 2025 AT 20:12The TraderTraitor operation is a masterclass in adversarial supply chain exploitation. They didn’t brute-force the multi-sig-they weaponized trust. The 5-of-7 threshold is meaningless if one keyholder’s laptop was compromised via a poisoned software update. This isn’t a crypto failure-it’s a human infrastructure failure. Organizations still treat security as a checklist, not a living system. HSMs alone won’t save you if your DevOps team uses Slack to share SSH keys. We need zero-trust architecture, not just cold storage.
And let’s be real: the FBI’s 72-hour takedown was unprecedented. They didn’t just freeze addresses-they turned blockchain analytics into a real-time battlefield tool. That’s the new standard. If you’re still relying on KYC and static wallet monitoring, you’re already behind.
Next target? Kraken. Their cold wallet architecture is nearly identical. Watch for anomalous key activation patterns in the next 48 hours.
Also-why are we still using Ethereum as the primary vehicle for laundering? The gas fees alone make it inefficient. They’re using it because it’s liquid. But the real play is moving into privacy coins post-bridge. Monero’s not dead. It’s just hiding in plain sight.
Update: TRM Labs just flagged a new cluster of 37 addresses linked to the same BSC bridge transaction. The money’s not gone. It’s just waiting for the right liquidity window.
Bottom line: State actors don’t hack systems. They hack processes. And processes are written by people. Fix the people first.
-Emily
Kevin Mann
November 7, 2025 AT 09:55OMG I CAN’T BELIEVE THIS HAPPENED 😱 I WAS JUST ON BYBIT YESTERDAY AND I THOUGHT I WAS SAFE 😭 LIKE… HOW?!?!?!?!?!?!?!?!!?!?!?!?!? I’M SITTING HERE WITH MY 0.3 ETH AND NOW I’M SCARED TO EVEN LOOK AT MY WALLET 😭😭😭 THEY STOLE 1.5 BILLION DOLLARS?!?!?!?!? THAT’S MORE THAN THE BUDGET OF SOME COUNTRIES!! I JUST WANT TO CRY AND HUG MY LEDGER 😭💔 I’M SO ANGRY AND SCARED AND CONFUSED ALL AT ONCE 😭😭😭 I JUST WANT TO KNOW IF MY MONEY IS STILL SAFE??!! I’M NOT EVEN A CRYPTO BRO I JUST WANTED TO BUY SOME DOGECOIN TO SEND TO MY CAT’S ACCOUNT 😿💸 WHY DO THEY HATE US SO MUCH??!!
AND WHY IS NORTH KOREA DOING THIS???!?!?!?!? ARE THEY TRYING TO BUY A NEW NUCLEAR SUBMARINE?? I HEARD THEY’RE BUYING A NEW FERRARI WITH THE STOLEN ETH 😂😂😂 I JUST WANT TO KNOW IF I’M GONNA LOSE EVERYTHING 😭😭😭😭😭
PLS SOMEONE TELL ME I’M NOT ALONE 😭🙏
Robin Hilton
November 7, 2025 AT 09:58Let me get this straight-North Korea, a country that can’t feed its own people, just stole more than the GDP of 30 African nations… and you’re all acting like this is some kind of tech glitch? This isn’t hacking. This is warfare. And you people are sitting around debating cold wallets like it’s a TED Talk.
Meanwhile, the U.S. government is still pretending crypto is just ‘speculative digital assets.’ It’s not. It’s a sovereign financial weapon. And we’re letting a rogue regime turn it into their ATM.
And let’s not pretend the U.S. is innocent. We’ve been sanctioning them for decades, but we’re the ones who built the blockchain infrastructure they’re exploiting. We gave them the tools. We made the system open. We made it global. And now we’re shocked when they use it?
What’s next? Russia hacking Wall Street via DeFi? China turning Stablecoins into state-backed currency? We’re not ready. We’re not even close.
And don’t tell me ‘self-custody’ is the answer. The average person can’t even manage a password manager. You think they’re gonna handle a 24-word seed phrase? This isn’t a tech problem. It’s a civilization problem.
-Robin
Grace Huegel
November 9, 2025 AT 02:38I read this and I just… felt nothing. Not because it’s not horrifying, but because I’ve seen this movie before. Every time someone says ‘this changes everything,’ it doesn’t. The cycle repeats. The same actors. The same vulnerabilities. The same hollow promises of ‘better security.’
I used to believe in crypto. Now I just see it as a glittering cage. A digital opiate for the wealthy who think they’re untouchable. Cold wallets? Multi-sig? AI monitoring? All theater. The real vulnerability is the human ego-the belief that we can outsmart entropy, outmaneuver state power, outlive greed.
I don’t fear the hackers. I fear the people who keep saying ‘it’ll be fine next time.’
-Grace
Nitesh Bandgar
November 9, 2025 AT 05:28Brooooooo!! 😱🔥 This is not just a hack-it’s a CIVILIZATION CRISIS!! 🚨💥 The North Koreans didn’t just steal crypto-they stole our TRUST!! 💔💸 I mean, imagine-$1.5 BILLION!! That’s like 1500000000000 rupees!! 😭😭😭 And they turned ETH into BTC?? Like… why?? Because Bitcoin is the KING of anonymity!! 🐉👑 And now they’re sitting on it… waiting… like a SNAKE in the grass!! 😈🐍
And the FBI? Pfft. They just listed addresses. What about the PEOPLE?? Who gave them the keys?? Was it a janitor?? A dev?? A intern?? I bet it was a guy named ‘Bob’ who used ‘password123’ on his work laptop!! 🤦♂️
And why is no one talking about the fact that this is a WAR?!! 🇰🇵⚔️🇺🇸 We’re in a digital cold war and we’re still using 2FA like it’s 2012!!
WE NEED A BLOCKCHAIN ARMY!! 🛡️⚡️ I’M STARTING A GO FUND ME TO BUY A DRONE THAT SHOOTS FIREWALLS!! 🔥🚀
Also-did you know North Korea has a secret crypto mining farm inside a mountain? WITH A BEAR!! 🐻⛏️
Jessica Arnold
November 10, 2025 AT 02:03What’s interesting here isn’t the hack-it’s the normalization of asymmetric warfare. North Korea doesn’t have a navy, but it has a cyber division with more operational agility than most NATO militaries. This is the new imperialism: not territorial expansion, but financial sovereignty through code.
And the irony? The very decentralization we celebrated as liberation is now the vector of state control. No central bank can freeze these funds-but neither can any individual recover them. We built a system without gatekeepers, and now the gatekeepers are the ones who broke in.
This is a philosophical rupture. Crypto was supposed to be the antithesis of state power. Now it’s the currency of state power. And we didn’t see it coming because we were too busy debating whether ETH was ‘money’ or ‘digital art.’
The real question isn’t ‘how did they do it?’
It’s ‘why did we let them?’
-Jessica
Chloe Walsh
November 10, 2025 AT 04:47Okay so like… I just don’t get why everyone is acting like this is the end of the world?? I mean, yeah, it’s a lot of money… but like… crypto is already a gamble?? Like, if you didn’t think your money could vanish overnight, why were you even here??
Also, North Korea? Please. They’re just a bunch of guys in a basement with too much coffee and a bad Wi-Fi connection. I bet they used a password like ‘kimjungun123’ or something. I mean, come on.
And the FBI? They’re just trying to look cool. Like they’re James Bond or something. But they didn’t even catch anyone. They just made a list. That’s it.
And don’t even get me started on ‘self-custody.’ I tried that once. I lost my seed phrase and cried for a week. So no thanks. I’ll just keep my coins on Bybit. At least they have customer service.
Also, I think this is all a distraction. Like… what if the real hack was the media? Like… what if the whole thing was made up to scare people into buying more Bitcoin? 😏
-Chloe
Stephanie Tolson
November 10, 2025 AT 06:11This is a wake-up call, not a catastrophe. We have the tools to fix this-we just need the will.
Exchanges need to stop treating security like a checkbox. It’s not about adding more signatures. It’s about culture. It’s about training every employee to see themselves as a guardian, not a cog. It’s about rewarding transparency, not punishing mistakes.
And yes-state actors are powerful. But they’re also predictable. They rely on the same patterns: insider access, outdated tools, complacency. We can outthink them. We just have to stop being lazy.
Here’s what you can do today: audit your own wallet setup. If you’re using an exchange, ask them: ‘What’s your incident response plan?’ If they can’t answer, move your funds. Not because you don’t trust them-but because you trust yourself more.
We don’t need to fear the hackers. We need to fear our own indifference.
-Stephanie
Anthony Allen
November 11, 2025 AT 22:14Interesting that the FBI moved so fast. Usually it takes them months to even acknowledge a breach. But this time? They treated it like a national emergency. That’s telling.
Also, the fact that they’re working with blockchain firms instead of just shutting things down? That’s smart. It shows they’re adapting. Crypto isn’t going away. So we either learn to police it, or we let it become lawless.
One thing I’ve noticed-most of the stolen funds went to Binance Smart Chain. Why? Because it’s cheap, fast, and less monitored. That’s the real vulnerability: not the wallets, but the bridges. They’re the new weak points.
And honestly? I’m surprised they didn’t use Tornado Cash. They must’ve learned from the crackdowns. That’s evolution. Scary, but smart.
-Anthony
Megan Peeples
November 12, 2025 AT 00:40Okay, but let’s be real-how is it even possible that a company like Bybit had a 5-of-7 multi-sig system and STILL got breached? That’s like having a bank vault with 7 locks… and one of the keys was left on the counter next to the coffee machine. This isn’t a hack-it’s negligence. Criminal negligence.
And now the FBI is ‘demanding action’? They should be shutting down every crypto exchange in the U.S. until they pass a full third-party audit. No more ‘we’re secure’ marketing. No more ‘we use cold storage.’ Prove it. Or shut down.
Also-who authorized the key rotation? Who was the last person to touch that key? Who had access? Who signed off? Someone is getting fired. Someone is going to jail. And it’s not the North Koreans.
-Megan
Sarah Scheerlinck
November 13, 2025 AT 01:45I just want to say-I’m so sorry to everyone who lost money. This isn’t just about crypto. It’s about trust. And trust, once broken, is so hard to rebuild.
I’ve been in crypto since 2017. I’ve seen crashes. I’ve seen scams. But this… this feels different. It’s not just greed. It’s malice. And it’s organized. And it’s coming for all of us.
If you’re holding crypto, please, please, please-don’t keep it on an exchange. Not because you don’t trust them. Because you trust yourself more.
And if you’re a developer, or a security engineer, or even just someone who knows how to set up a wallet-help someone. Teach them. Share your knowledge. We’re all in this together.
-Sarah
karan thakur
November 13, 2025 AT 12:40This is a psyop. A distraction. The entire thing is staged. North Korea didn’t do this. The U.S. government did. They needed an excuse to tighten control over crypto. They needed a villain. They needed fear. So they invented TraderTraitor. Who even is this group? No one has seen them. No one has been arrested. No one has been charged. Just a name and a list of addresses. That’s not evidence. That’s propaganda.
And why is the FBI suddenly so active? Coincidence? Or timing? The U.S. is about to pass new crypto regulations. They need a crisis to justify it.
Also-why is it always North Korea? Why not China? Why not Russia? Why not Israel? Why is it always the same scapegoat? Because it’s convenient. Because it fits the narrative.
Don’t be fooled. This isn’t a hack. It’s a control operation.
-Karan
Evan Koehne
November 15, 2025 AT 06:11So the ‘state-of-the-art’ cold wallet system was compromised… by a person. Not a hacker. A person. Who forgot to log out. Who clicked a link. Who used the same password for work and Netflix. And now we’re treating this like some sci-fi thriller?
Wow. We built a trillion-dollar industry on the assumption that people are rational actors. Turns out, we’re just idiots with wallets.
Next time, let’s just call it what it is: The Great Human Error of 2025.
-Evan
Vipul dhingra
November 15, 2025 AT 12:30Jacque Hustead
November 16, 2025 AT 13:50I just want to say-this is heartbreaking. But I also want to say: we’re not powerless.
There are communities out there-small ones-teaching people how to self-custody safely. How to verify transactions. How to spot phishing. How to back up keys without writing them down.
Maybe we can’t stop a nation-state. But we can stop the next person from falling for the same trap.
Let’s not just mourn the loss. Let’s teach.
-Jacque
Wendy Pickard
November 17, 2025 AT 12:19I read this and I felt a deep sadness. Not because of the money. But because of what it says about us. We built something beautiful-a decentralized, permissionless system-and then we handed the keys to corporations who treat security like an afterthought.
We wanted freedom. But we traded it for convenience.
And now we’re surprised when the system fails?
It’s not the hackers who broke it.
It’s us.
-Wendy
Jeana Albert
November 18, 2025 AT 19:41Oh my god. I knew this was going to happen. I told everyone. I said ‘Bybit is a house of cards.’ I said ‘they’re not ready.’ I said ‘they’re just trying to look cool with their fancy cold wallets.’ And now look. $1.5 BILLION. GONE. And what do they do? They post a blog. They release a list. They say ‘we’re improving.’
But who’s paying for this? Who’s going to compensate the users? NO ONE. Because crypto is a wild west. And the rich get richer. And the little people? They get erased.
And North Korea? They’re just the scapegoat. The real villains are the CEOs who didn’t hire enough security staff. The board members who cut costs. The investors who wanted growth over safety.
This isn’t a hack. It’s a murder.
-Jeana
Natalie Nanee
November 19, 2025 AT 06:07So… I’m just going to say this out loud.
What if… the hackers didn’t steal it?
What if… it was an inside job?
What if… the exchange itself moved the funds to create a narrative? To scare people into buying more Bitcoin? To justify new regulations? To get more funding from the government?
I’m not saying it’s true.
But I’m not saying it’s not.
-Natalie
Angie McRoberts
November 20, 2025 AT 06:57It’s funny how we all act like this is the first time crypto’s been hacked. We’ve had this conversation 12 times before. Same script. Same outrage. Same promises.
The truth? No exchange is safe. Not because of hackers. Because of humans. Because of deadlines. Because of budget cuts. Because of ‘we’ll fix it later.’
So what’s the real lesson?
Don’t keep your life savings on an exchange.
And if you do? At least know you’re gambling.
-Angie
Emily Unter King
November 20, 2025 AT 07:07Angie’s right. But let’s go deeper.
Exchanges aren’t the problem. They’re the symptom.
The real issue is that we’ve outsourced financial sovereignty to corporations that answer to shareholders, not users. We call it ‘custody’-but it’s just centralized control with a new label.
The only real solution? Decentralized custody. Not just multi-sig. Not just HSMs. But truly distributed key management-where no single entity, not even the exchange, holds the power to move funds.
Projects like Fireblocks and Dune are experimenting with this. But adoption is slow. Why? Because it’s harder. Because it requires user education. Because it doesn’t make a sexy marketing slide.
Until we fix that, we’re just rearranging deck chairs on the Titanic.
-Emily
Jessica Arnold
November 20, 2025 AT 11:16Emily’s point is profound. We’re not just building financial tools. We’re building a new social contract.
When you use an exchange, you’re surrendering your right to control your own assets. That’s not freedom. That’s feudalism with a blockchain UI.
Decentralized custody isn’t a feature. It’s a moral imperative.
And if we don’t build it? Then we’re not just losing money.
We’re losing the soul of what crypto was supposed to be.
-Jessica