Recent developments reveal that North Korean hackers, known as the Lazarus Group, have successfully laundered $300 million from a massive $1.5 billion hack on crypto exchange ByBit. With expertise in moving funds undetected, they pose a significant threat to cybersecurity and global financial stability.
Lazarus Group: North Korean Hackers Launder $300 Million from ByBit Heist

A comprehensive look at how the Lazarus Group of North Korean hackers converted a significant portion of stolen cryptocurrency into untraceable funds, raising concerns over the impact on military financing.
North Korean hackers, notably the Lazarus Group, have reportedly converted at least $300 million of their staggering $1.5 billion theft from the cryptocurrency exchange ByBit into unrecoverable funds. The hack took place two weeks ago, and experts are now racing against time to track and block these hackers from transforming their digital loot into usable cash.
The Lazarus Group operates with extreme sophistication, with experts believing they are working nearly around the clock to obfuscate the money trail. "Every minute is crucial for them to confuse the trail of funds, and they demonstrate remarkable skill," notes Dr. Tom Robinson, co-founder of crypto investigative firm Elliptic. In fact, he describes North Korea as a leading entity in the art of laundering cryptocurrency. "It's highly likely they have a dedicated team of individuals employing automated tools and extensive experience to execute these operations, only taking short breaks throughout the day," Robinson adds.
Elliptic's analysis aligns with ByBit's findings, indicating that about 20% of the stolen funds have "gone dark," rendering recovery efforts virtually impossible. The United States and its allies have accused the North Korean regime of executing numerous cyber attacks over the years to fund its military and nuclear initiatives. On February 21, hackers compromised one of ByBit's suppliers and altered the digital wallet address of a transfer, redirecting 401,000 Ethereum coins to their own accounts.
Ben Zhou, ByBit's CEO, has committed to recovering some of the stolen cryptocurrencies through an incentive program dubbed Lazarus Bounty, which encourages the public to help identify and freeze the illicit funds. Despite an apparent openness to collaboration, the struggle is compounded by the fact that not all cryptocurrency exchanges are willing to support these recovery efforts.
The owner of eXch, identified as Johann Roberts, has faced criticism from ByBit and others for allegedly permitting the laundering of funds through their platform. Roberts, however, disputes this claim, emphasizing their uncertainty regarding the origins of the assets amid a protracted dispute with ByBit.
Historically, North Korea has not officially acknowledged its involvement with the Lazarus Group, but it is widely believed to be the only nation actively utilizing cybercrime for financial gain. The group, once focused on bank infiltrations, has shifted primarily to cryptocurrency exchanges due to their relatively weaker defenses. Previous hacks associated with North Korean operatives include:
- The 2019 breach at UpBit for $41 million
- A $275 million incident involving KuCoin (in which most funds were later recovered)
- The 2022 Ronin Bridge attack, resulting in a loss of $600 million
- A $100 million theft from Atomic Wallet in 2023
In 2020, the United States officially placed members of the Lazarus Group on its Cyber Most Wanted list, although their apprehension remains unlikely unless they leave North Korea.