TraderTraitor: The Kings of the Crypto Heist
2025-04-14 • Wired • https://www.wired.com/story/tradertraitor-north-korea-crypto-theft/
The FBI attributed the nearly $1.5 billion Bybit cryptocurrency theft to TraderTraitor, a North Korean hacking group also tracked as Jade Sleet, Slow Pisces, and UNC4899. The group is described as a Lazarus-linked, cryptocurrency-focused actor that targets Web3 and blockchain companies through spear-phishing, fake or compromised accounts on platforms such as GitHub, LinkedIn, Slack, and Telegram, and malicious developer collaboration lures. Reported tooling and tradecraft include custom macOS backdoors such as PLOTTWIST and TIEDYE, credential use for lateral movement, low-profile persistence, and RN Loader, which installs an information stealer and deletes itself. After thefts, North Korean operators rapidly swap, split, layer, and move funds through wallets, exchanges, bitcoin conversions, and mixers, underscoring how crypto theft and laundering support regime financing and continue to evolve.