On February 21, 2025, one of the biggest cryptocurrency heists in history happened. Hackers linked to North Korea stole $1.5 billion worth of Ethereum from Bybit, a top global crypto exchange. That’s more than the entire amount stolen by North Korean hackers in all of 2023. And it wasn’t just a lucky break. It was a carefully planned, state-backed operation called TraderTraitor, run by a secretive unit inside North Korea’s military intelligence agency.
How Did They Break Into Bybit’s Cold Wallets?
Most people think cold wallets are unbreakable. They’re offline, stored in secure vaults, protected by multi-signature keys: no internet connection means no remote hack. But the TraderTraitor group didn’t try to break in from the outside. They went after the people, the processes, and the gaps in between.
Experts from TRM Labs believe this was either a supply chain attack, an insider leak, or a direct compromise of private keys. That means the hackers likely got their hands on the actual cryptographic keys needed to move the funds, not by brute force, but by sneaking malware into software updates, bribing employees, or exploiting a forgotten backdoor in the exchange’s internal tools. Bybit used a 5-of-7 multi-sig system, meaning five out of seven keys were needed to authorize a transfer. But if even one of those keys was compromised, the whole system collapsed.
The attackers didn’t waste time. Within minutes, they moved the stolen Ethereum through cross-chain bridges to Binance Smart Chain, Solana, and other networks. Why? To muddy the trail. Each time they switched chains, the transaction history got harder to follow. Then they converted most of it into Bitcoin, because Bitcoin is easier to hide in large amounts, and it’s the most widely accepted crypto for OTC (over-the-counter) trades, where anonymity is still possible.
Who Is TraderTraitor?
TraderTraitor isn’t a name you’ll find in North Korean military manuals. It’s an FBI codename for a specialized cyber unit under the 3rd Bureau of the Reconnaissance General Bureau (RGB). This is the same group behind the Lazarus Group, which has been linked to the Sony Pictures hack, the WannaCry ransomware attack, and dozens of crypto thefts since 2017.
But TraderTraitor is different. While other Lazarus units focused on phishing and malware, TraderTraitor operates like a Wall Street hedge fund with weapons-grade hacking skills. They don’t just steal. They launder, move, and convert assets with military precision. They’ve been active since at least 2022. They’ve compromised cloud services like JumpCloud, hacked software vendors, and even manipulated legitimate crypto transactions to siphon off funds without triggering alarms.
What makes them dangerous isn’t just their tech, it’s their strategy. They’ve moved away from using mixing services like Tornado Cash (which are now heavily monitored). Instead, they flood the network. Thousands of tiny transactions. Dozens of blockchains. Hundreds of wallets. It’s not about hiding one big transfer. It’s about drowning analysts in noise.
Why Target Crypto Exchanges?
North Korea doesn’t have access to global banking systems. Sanctions block them from buying oil, weapons, or tech with cash. But crypto? Crypto is borderless, unregulated in many places, and easy to move in large chunks. Crypto exchanges are the perfect target: they hold billions in digital assets, often with weaker security than banks, and they’re forced to move fast to keep up with market demands.
In 2024, North Korea pulled off 47 separate crypto heists totaling $800 million. The ByBit hack alone was nearly double that. The U.S. Treasury estimates that about half of North Korea’s foreign currency income now comes from cybercrime. And according to a United Nations report, that money funds their nuclear weapons program.
This isn’t just a financial crime. It’s a national security threat. Every dollar stolen from Bybit could be buying missile parts, uranium, or satellite tech.
What Did the FBI Do?
The FBI’s response to the ByBit hack was unusually fast. Within 72 hours, they publicly named the group as TraderTraitor and released a list of over 200 compromised Ethereum and Bitcoin addresses. They didn’t just warn exchanges, they demanded action. They asked every major crypto platform, DeFi protocol, and blockchain analytics firm to block transactions from those addresses. RPC node operators were instructed to refuse requests from known malicious IPs. Exchanges were told to freeze any incoming funds linked to the stolen wallet cluster, labeled “Bybit Exploiter Feb 2025” by TRM Labs.
This level of coordination between government and private industry is rare. It shows how seriously the U.S. now views crypto theft as a strategic threat. For the first time, a cyberattack on a private exchange was treated like a military strike.
What Does This Mean for Crypto Security?
The ByBit hack shattered a myth: cold storage isn’t foolproof. If a state actor with unlimited resources, patience, and skilled engineers wants your keys, they’ll find a way. Multi-sig isn’t magic. Offline storage isn’t safe if someone inside the company is compromised. Exchanges now face a new reality. They need to assume they’ll be targeted, and plan for it. That means:
- Regular third-party audits of internal access controls
- Hardware security modules (HSMs) with geographically distributed key shards
- Behavioral AI monitoring for unusual employee activity
- Real-time transaction anomaly detection across all chains
- Strict separation between wallet management and customer support teams
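The freezing of funds linked to a flagged address cluster (see “What Did the FBI Do?”) and the transaction monitoring item in the list above, sketched as an added example; this is not code from the article, an exchange, or an analytics firm. It applies a simplified "haircut" taint model on a single ledger, so taint survives the split into many small payments; every address, wallet name, amount and threshold is a constructed placeholder, and linking funds across bridges is out of scope.

```python
from collections import defaultdict

# Constructed placeholder values, not entries from any published address list.
FLAGGED = {"0x" + "ab" * 20}
EXCHANGE = {"0x" + "e0" * 20}          # hypothetical deposit (hot) wallet

def norm(addr):
    # EVM addresses are case-insensitive hex; EIP-55 checksums only change letter case.
    return addr.lower() if addr[:2].lower() == "0x" else addr

def trace(transfers, flagged):
    """Haircut taint model over (sender, receiver, amount) tuples in time order.

    Each transfer carries the sender's current tainted share, so splitting funds
    into many small payments does not dilute the taint ratio of each payment.
    """
    flagged = {norm(a) for a in flagged}
    bal, bad, out = defaultdict(float), defaultdict(float), []
    for sender, receiver, amount in transfers:
        s, r = norm(sender), norm(receiver)
        if s in flagged:
            tainted = amount                       # all outflow from a listed address
        else:
            tainted = min(amount * bad[s] / bal[s], bad[s]) if bal[s] > 0 else 0.0
            bal[s] = max(bal[s] - amount, 0.0)     # unseen prior funds count as clean
            bad[s] -= tainted
        bal[r] += amount
        bad[r] += tainted
        out.append((s, r, amount, tainted))
    return out

def deposits_to_freeze(transfers, flagged, exchange, min_ratio):
    """Return (sender, amount, taint_ratio) for deposits at or above min_ratio."""
    exchange = {norm(a) for a in exchange}
    return [(s, amt, t / amt) for s, r, amt, t in trace(transfers, flagged)
            if r in exchange and amt > 0 and t / amt >= min_ratio]

def sample_transfers():
    # Constructed ledger: one listed address, one hop wallet, a 45-way fan-out.
    f, e = "0x" + "AB" * 20, "0x" + "E0" * 20      # upper-case on purpose
    hop = "0x" + "01" * 20
    txs = [("clean_src", "mixed", 90.0), (f, hop, 100.0), (hop, "mixed", 10.0)]
    txs += [(hop, f"w{i}", 2.0) for i in range(45)]        # fan-out into small payments
    txs += [("w7", e, 2.0), ("mixed", e, 50.0), ("retail", e, 5.0)]
    return txs

if __name__ == "__main__":
    for row in deposits_to_freeze(sample_transfers(), FLAGGED, EXCHANGE, 0.05):
        print(row)
```

A plain blocklist lookup on the depositing address would miss both flagged deposits here, because neither `w7` nor `mixed` is itself on the list.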
Where Is the Money Now?
After the initial flurry of transfers, most of the stolen Bitcoin went quiet. The hackers stopped moving it. Why? Because large-scale liquidation is risky. Selling $1.5 billion worth of Bitcoin on an exchange would crash the market and draw attention. So they’re waiting. They’re likely using OTC desks: private, off-exchange brokers that deal in huge sums without public records. Or they’re holding it in cold wallets across multiple jurisdictions, waiting for market conditions to improve.
TRM Labs is still tracking the funds. So far, less than 15% has been cashed out. That means the majority is still out there, waiting. And if it ever hits the market in bulk, it could trigger a massive price drop.
What’s Next?
This wasn’t a one-off. It was a test. A proof of concept. North Korea proved they can steal billions from the world’s most secure exchanges. And they’ve shown they can do it without leaving obvious traces. Expect more. Bigger. Smarter. Faster.
Governments are scrambling to respond. The EU is drafting new crypto regulations. The U.S. is pushing for global sanctions on crypto mixers and OTC brokers that enable laundering. But the arms race is already underway. North Korea is training more hackers. They’re building new tools. And they’re learning from every mistake.
The bottom line? Crypto security is no longer just about encryption and passwords. It’s about human behavior, supply chains, insider threats, and state-level cyber warfare. And if you’re holding crypto on an exchange, you’re trusting someone else’s security, and right now, that’s a gamble no one should take lightly.
Who was behind the ByBit hack?
The FBI attributed the hack to a North Korean state-sponsored hacking group called TraderTraitor, part of the 3rd Bureau of the Reconnaissance General Bureau. This unit specializes in stealing cryptocurrency and has been active since at least 2022.
How much was stolen in the ByBit hack?
Approximately $1.5 billion USD in Ethereum was stolen, making it the largest cryptocurrency heist in history. The attackers later converted most of it into Bitcoin for easier laundering.
How did hackers bypass Bybit’s cold wallet security?
Cold wallets are offline, but the attackers likely compromised private keys through a supply chain attack, insider threat, or advanced malware that slipped past multi-signature protections. It wasn’t a remote hack. It was a human or procedural flaw.
Why is North Korea stealing crypto?
North Korea uses crypto theft to bypass international sanctions. Roughly half of its foreign currency income comes from cybercrime, and this money funds its nuclear weapons and missile programs.
Is my crypto safe on exchanges?
No exchange is 100% safe from state-sponsored attacks. If you’re holding large amounts, consider self-custody with a hardware wallet and strong personal security practices. Never store keys on devices connected to the internet.
What’s being done to stop future hacks?
The FBI and blockchain analytics firms are blocking known stolen addresses. Exchanges are improving internal controls, using AI to detect anomalies, and adopting decentralized custody models. Governments are pushing for global regulations on OTC trading and crypto bridges.
Emily Unter King
November 5, 2025 AT 22:12
The TraderTraitor operation is a masterclass in adversarial supply chain exploitation. They didn’t brute-force the multi-sig - they weaponized trust. The 5-of-7 threshold is meaningless if one keyholder’s laptop was compromised via a poisoned software update. This isn’t a crypto failure - it’s a human infrastructure failure. Organizations still treat security as a checklist, not a living system. HSMs alone won’t save you if your DevOps team uses Slack to share SSH keys. We need zero-trust architecture, not just cold storage.
And let’s be real: the FBI’s 72-hour takedown was unprecedented. They didn’t just freeze addresses - they turned blockchain analytics into a real-time battlefield tool. That’s the new standard. If you’re still relying on KYC and static wallet monitoring, you’re already behind.
Next target? Kraken. Their cold wallet architecture is nearly identical. Watch for anomalous key activation patterns in the next 48 hours.
Also - why are we still using Ethereum as the primary vehicle for laundering? The gas fees alone make it inefficient. They’re using it because it’s liquid. But the real play is moving into privacy coins post-bridge. Monero’s not dead. It’s just hiding in plain sight.
Update: TRM Labs just flagged a new cluster of 37 addresses linked to the same BSC bridge transaction. The money’s not gone. It’s just waiting for the right liquidity window.
Bottom line: State actors don’t hack systems. They hack processes. And processes are written by people. Fix the people first.
-Emily
Kevin Mann
November 7, 2025 AT 11:55
OMG I CAN’T BELIEVE THIS HAPPENED 😱 I WAS JUST ON BYBIT YESTERDAY AND I THOUGHT I WAS SAFE 😭 LIKE… HOW?!?!?!?!?!?!?!?!!?!?!?!?!? I’M SITTING HERE WITH MY 0.3 ETH AND NOW I’M SCARED TO EVEN LOOK AT MY WALLET 😭😭😭 THEY STOLE 1.5 BILLION DOLLARS?!?!?!?!? THAT’S MORE THAN THE BUDGET OF SOME COUNTRIES!! I JUST WANT TO CRY AND HUG MY LEDGER 😭💔 I’M SO ANGRY AND SCARED AND CONFUSED ALL AT ONCE 😭😭😭 I JUST WANT TO KNOW IF MY MONEY IS STILL SAFE??!! I’M NOT EVEN A CRYPTO BRO I JUST WANTED TO BUY SOME DOGECOIN TO SEND TO MY CAT’S ACCOUNT 😿💸 WHY DO THEY HATE US SO MUCH??!!
AND WHY IS NORTH KOREA DOING THIS???!?!?!?!? ARE THEY TRYING TO BUY A NEW NUCLEAR SUBMARINE?? I HEARD THEY’RE BUYING A NEW FERRARI WITH THE STOLEN ETH 😂😂😂 I JUST WANT TO KNOW IF I’M GONNA LOSE EVERYTHING 😭😭😭😭😭
PLS SOMEONE TELL ME I’M NOT ALONE 😭🙏
Robin Hilton
November 7, 2025 AT 11:58
Let me get this straight - North Korea, a country that can’t feed its own people, just stole more than the GDP of 30 African nations… and you’re all acting like this is some kind of tech glitch? This isn’t hacking. This is warfare. And you people are sitting around debating cold wallets like it’s a TED Talk.
Meanwhile, the U.S. government is still pretending crypto is just ‘speculative digital assets.’ It’s not. It’s a sovereign financial weapon. And we’re letting a rogue regime turn it into their ATM.
And let’s not pretend the U.S. is innocent. We’ve been sanctioning them for decades, but we’re the ones who built the blockchain infrastructure they’re exploiting. We gave them the tools. We made the system open. We made it global. And now we’re shocked when they use it?
What’s next? Russia hacking Wall Street via DeFi? China turning Stablecoins into state-backed currency? We’re not ready. We’re not even close.
And don’t tell me ‘self-custody’ is the answer. The average person can’t even manage a password manager. You think they’re gonna handle a 24-word seed phrase? This isn’t a tech problem. It’s a civilization problem.
-Robin
Grace Huegel
November 9, 2025 AT 04:38
I read this and I just… felt nothing. Not because it’s not horrifying, but because I’ve seen this movie before. Every time someone says ‘this changes everything,’ it doesn’t. The cycle repeats. The same actors. The same vulnerabilities. The same hollow promises of ‘better security.’
I used to believe in crypto. Now I just see it as a glittering cage. A digital opiate for the wealthy who think they’re untouchable. Cold wallets? Multi-sig? AI monitoring? All theater. The real vulnerability is the human ego - the belief that we can outsmart entropy, outmaneuver state power, outlive greed.
I don’t fear the hackers. I fear the people who keep saying ‘it’ll be fine next time.’
-Grace
Nitesh Bandgar
November 9, 2025 AT 07:28
Brooooooo!! 😱🔥 This is not just a hack - it’s a CIVILIZATION CRISIS!! 🚨💥 The North Koreans didn’t just steal crypto - they stole our TRUST!! 💔💸 I mean, imagine - $1.5 BILLION!! That’s like 1500000000000 rupees!! 😭😭😭 And they turned ETH into BTC?? Like… why?? Because Bitcoin is the KING of anonymity!! 🐉👑 And now they’re sitting on it… waiting… like a SNAKE in the grass!! 😈🐍
And the FBI? Pfft. They just listed addresses. What about the PEOPLE?? Who gave them the keys?? Was it a janitor?? A dev?? An intern?? I bet it was a guy named ‘Bob’ who used ‘password123’ on his work laptop!! 🤦♂️
And why is no one talking about the fact that this is a WAR?!! 🇰🇵⚔️🇺🇸 We’re in a digital cold war and we’re still using 2FA like it’s 2012!!
WE NEED A BLOCKCHAIN ARMY!! 🛡️⚡️ I’M STARTING A GO FUND ME TO BUY A DRONE THAT SHOOTS FIREWALLS!! 🔥🚀
Also - did you know North Korea has a secret crypto mining farm inside a mountain? WITH A BEAR!! 🐻⛏️
Jessica Arnold
November 10, 2025 AT 04:03
What’s interesting here isn’t the hack - it’s the normalization of asymmetric warfare. North Korea doesn’t have a navy, but it has a cyber division with more operational agility than most NATO militaries. This is the new imperialism: not territorial expansion, but financial sovereignty through code.
And the irony? The very decentralization we celebrated as liberation is now the vector of state control. No central bank can freeze these funds - but neither can any individual recover them. We built a system without gatekeepers, and now the gatekeepers are the ones who broke in.
This is a philosophical rupture. Crypto was supposed to be the antithesis of state power. Now it’s the currency of state power. And we didn’t see it coming because we were too busy debating whether ETH was ‘money’ or ‘digital art.’
The real question isn’t ‘how did they do it?’
It’s ‘why did we let them?’
-Jessica
Chloe Walsh
November 10, 2025 AT 06:47
Okay so like… I just don’t get why everyone is acting like this is the end of the world?? I mean, yeah, it’s a lot of money… but like… crypto is already a gamble?? Like, if you didn’t think your money could vanish overnight, why were you even here??
Also, North Korea? Please. They’re just a bunch of guys in a basement with too much coffee and a bad Wi-Fi connection. I bet they used a password like ‘kimjungun123’ or something. I mean, come on.
And the FBI? They’re just trying to look cool. Like they’re James Bond or something. But they didn’t even catch anyone. They just made a list. That’s it.
And don’t even get me started on ‘self-custody.’ I tried that once. I lost my seed phrase and cried for a week. So no thanks. I’ll just keep my coins on Bybit. At least they have customer service.
Also, I think this is all a distraction. Like… what if the real hack was the media? Like… what if the whole thing was made up to scare people into buying more Bitcoin? 😏
-Chloe
Stephanie Tolson
November 10, 2025 AT 08:11
This is a wake-up call, not a catastrophe. We have the tools to fix this - we just need the will.
Exchanges need to stop treating security like a checkbox. It’s not about adding more signatures. It’s about culture. It’s about training every employee to see themselves as a guardian, not a cog. It’s about rewarding transparency, not punishing mistakes.
And yes-state actors are powerful. But they’re also predictable. They rely on the same patterns: insider access, outdated tools, complacency. We can outthink them. We just have to stop being lazy.
Here’s what you can do today: audit your own wallet setup. If you’re using an exchange, ask them: ‘What’s your incident response plan?’ If they can’t answer, move your funds. Not because you don’t trust them - but because you trust yourself more.
We don’t need to fear the hackers. We need to fear our own indifference.
-Stephanie