Hackers believed to be working on behalf of the North Korean regime have successfully laundered at least $300 million (£232 million) from a massive $1.5 billion cryptocurrency heist, BBC reports.
The hack, which targeted the ByBit exchange two weeks ago, was attributed to the notorious Lazarus Group, a cybercriminal collective with suspected ties to North Korea.
Since the heist, there has been a concerted effort to track and block the hackers from converting the stolen crypto assets into usable cash. However, experts warn that the Lazarus Group is highly skilled in money laundering and is continuously working to obscure the trail of the stolen funds.
Dr. Tom Robinson, co-founder of crypto investigators Elliptic, explained that the Lazarus Group works nearly round-the-clock, using automated tools and sophisticated techniques to launder the stolen assets. He stated:
“Every minute matters for the hackers, and they are extremely sophisticated in what they’re doing.”
According to Elliptic, the group takes only brief breaks and operates in shifts to quickly convert the stolen cryptocurrency.
Elliptic’s analysis, in conjunction with ByBit’s own findings, reveals that about 20% of the funds have already been “laundered” beyond recovery, a status known as “going dark.” ByBit, a major cryptocurrency exchange, has confirmed that the attack occurred after hackers manipulated the digital wallet address of one of its suppliers in a transaction involving 401,000 Ethereum coins. While the exchange believed it was transferring the funds to its own wallet, the money was instead diverted to the hackers.
In response, ByBit’s CEO, Ben Zhou, has assured customers that none of their personal funds were affected. The exchange has replenished the stolen funds through loans from investors, but is now focusing its efforts on recovering the stolen crypto through its Lazarus Bounty program. The program encourages individuals to track and freeze the stolen funds by identifying suspicious transactions. So far, the bounty program has rewarded participants who successfully identified $40 million worth of stolen assets.
Despite these efforts, experts remain pessimistic about the recovery of the remaining funds. North Korea’s expertise in hacking and money laundering, along with its closed-off economy, has made it difficult to curb these types of crimes. Dr. Dorit Dor, a cybersecurity expert from Check Point, explained that North Korea has developed a “successful industry” for hacking and laundering funds, largely without concern for the international condemnation it faces.
Another challenge in recovering the stolen funds is the varying cooperation from different cryptocurrency companies. The exchange eXch, which is accused of not halting the conversion of the stolen funds, has reportedly funneled over $90 million through its platform. The owner of eXch, Johann Roberts, admitted that his company initially did not stop the funds due to an ongoing dispute with ByBit. However, he stated that his team is now cooperating and expressed concern over privacy issues related to cryptocurrency.
North Korea has long been suspected of using its hacking operations to fund the regime’s military and nuclear programs, and the Lazarus Group has targeted multiple cryptocurrency exchanges in recent years. High-profile hacks linked to North Korea include the 2019 theft of $41 million from UpBit, the 2022 Ronin Bridge attack involving $600 million, and the $100 million theft from Atomic Wallet in 2023.
