“In the wake of the Bybit hack, it is essential that the United States redouble its efforts to prevent North Korean crypto theft.”

WASHINGTON, DC – Today, U.S. Senators Elizabeth Warren (D-MA), Ranking Member of the Senate Banking, Housing, and Urban Affairs Committee, and Jack Reed (D-RI), a senior member of the committee, sent a letter to Secretary of the Treasury Scott Bessent and Attorney General Pam Bondi requesting information on efforts to combat increasingly aggressive and frequent cyber-attacks by ransomware groups based in North Korea.

In February, the Lazarus Group, a hacker syndicate backed by the North Korean government, stole approximately $1.5 billion in digital currency from Bybit, a popular cryptocurrency exchange. In the letter, the senators warn the attack marks a dangerous escalation in North Korea’s use of crypto theft to evade sanctions and fund its weapons programs — a direct threat to U.S. national security and global stability.

“In the wake of this attack—the ‘largest crypto theft of all time’—we write to request information regarding your efforts to combat increasingly aggressive and frequent cyber-attacks by ransomware groups based in North Korea,” wrote the senators.

They continued: “North Korea relies on cryptocurrency theft to subvert U.S.-led international sanctions and to undermine the security of the United States and our Indo-Pacific allies… These stolen assets have helped keep the regime afloat and supported continued investments in its nuclear and conventional weapons programs. Reports suggest there are potentially thousands of North Korean-affiliated crypto hackers around the globe.”

The senators press the agencies on how they are responding to the evolving tactics of North Korean hackers and what tools they need to prevent future attacks. This comes as Senate Republicans attempt to advance the GENIUS Act — legislation that, as currently drafted, would dramatically expand the stablecoin market with few guardrails and inadequate national security protections. A vote on the bill could come as early as later today.

Full text of the letter follows:

Dear Secretary Bessent and Attorney General Bondi:

On February 21, 2025, the Lazarus Group, a hacker syndicate backed by the Democratic People’s Republic of Korea (North Korea), stole approximately $1.5 billion in digital currency from Bybit, a popular cryptocurrency exchange. In the wake of this attack—the “largest crypto theft of all time”—we write to request information regarding your efforts to combat increasingly aggressive and frequent cyber-attacks by ransomware groups based in North Korea.

North Korea relies on cryptocurrency theft to subvert U.S.-led international sanctions and to undermine the security of the United States and our Indo-Pacific allies. The Annual Threat Assessment of the U.S. Intelligence Community for 2025 states that “North Korea is funding its military development—allowing it to pose greater risks to the United States—and economic initiatives by stealing hundreds of millions of dollars per year in cryptocurrency from the United States and other victims.” Between 2017 and 2023, North Korea stole an estimated $3 billion in crypto hacks, laundering tokens through crypto mixers to effectively mask their origins before funneling the proceeds back to Pyongyang. These stolen assets have helped keep the regime afloat and supported continued investments in its nuclear and conventional weapons programs. Reports suggest there are potentially thousands of North Korean-affiliated crypto hackers around the globe.

In recent years, North Korean hackers have shifted from simplistic crypto theft schemes to more sophisticated tactics. Typically, these attacks center around variations of social engineering schemes, designed to exploit vulnerabilities in tech and crypto companies. Hackers have increasingly found ways to infiltrate crypto firms, often faking credentials, resumes, and documents and disguising themselves as American or foreign nationals eligible for work. According to reports, “[t]hey have pretended to be Canadian IT workers, government officials and freelance Japanese blockchain developers. They will conduct video interviews to get a job, or …masquerade as potential employers.” In addition, hackers have relied on “phishing and supply chain attacks, and…infrastructure hacks which involve private key or seed phrase compromises.”

The Bybit hack reflects a further escalation in North Korea’s ability to execute complex crypto theft schemes. In the attack, hackers pulled approximately $1.5 billion from a “cold” crypto storage wallet—a “piece of hardware…kept mostly isolated from online networks” that, prior to the attack, were “considered to be almost impervious to attacks.”10 According to experts, the attack suggests that “North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds.”11 The hack is expected to have significant impacts on the crypto industry and leaves companies scrambling to bolster cybersecurity. Specifically, “staving off North Korean thefts will likely require much higher spending by crypto exchanges.”

In the wake of the Bybit hack, it is essential that the United States redouble its efforts to prevent North Korean crypto theft. To better understand the scope of North Korea’s reliance on the theft of crypto to evade sanctions and finance its weapons programs and the steps the administration is taking to address this urgent national security concern, we ask that you respond to the following questions by June 2, 2025:

1. Please describe the steps your agency is taking to address threats to U.S. national security posed by North Korea’s theft of cryptocurrency to earn revenue and bypass sanctions.

2. What additional steps, if any, does your agency plan to take in the wake of the Bybit attack to bolster efforts to prevent North Korean cryptocurrency theft?

3. What are the biggest challenges your agency faces in combatting North Korean cryptocurrency theft? What steps can Congress take to bolster and support enforcement efforts to prevent future crypto theft?

Sincerely,