Hackers believed to be operating under the umbrella of the North Korean regime have successfully managed to cash out a staggering $300 million of the $1.5 billion cryptocurrency heist they pulled off. The criminal group, known as the Lazarus Group, orchestrated the monumental theft of digital tokens through a hack on the crypto exchange ByBit around two weeks ago.
Since the heist, authorities have been engaged in a high-stakes game of cat-and-mouse to track and block the hackers from converting the stolen cryptocurrency into usable cash. Experts have observed that the notorious hacking team is working diligently, almost around the clock, possibly directing the money towards the regime’s military and nuclear development.
Dr. Tom Robinson, a co-founder of crypto investigation firm Elliptic, remarked that the hackers are adept at obscuring the money trail and display a high level of sophistication in their operations. He highlighted North Korea’s proficiency in laundering cryptocurrency compared to other criminal actors in the crypto space.
Elliptic’s analysis aligns with ByBit’s own findings, indicating that 20% of the stolen funds have now disappeared into the shadows, making it unlikely for recovery. The United States and its allies have consistently accused North Korea of carrying out numerous hacks over the years to finance the regime’s military ambitions.
On February 21st, the hackers compromised one of ByBit's suppliers and used that access to alter the destination address of a transfer involving 401,000 Ethereum coins. As a result, the funds went to the hackers instead of ByBit's intended wallet.
Despite the setback, ByBit’s CEO, Ben Zhou, reassured customers that none of their funds were compromised. The company replenished the stolen coins through loans from investors and launched the Lazarus Bounty program to incentivize the public to help trace and freeze the stolen funds wherever possible.
The public nature of blockchain technology allows for the monitoring of cryptocurrency transactions, making it possible to track the movement of funds by the Lazarus Group. If the hackers attempt to convert the coins into traditional currency through mainstream crypto services, companies can freeze the assets if they suspect illicit activity.
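As an added illustration of the tracing the paragraph above describes (not code from the article, Elliptic or ByBit), the block below walks a constructed, placeholder ledger outward from known thief addresses and flags any hop that lands on an exchange deposit address, which is the point at which a cooperating exchange could freeze the funds. It uses a simple "any contact is tainted" model; real investigators weigh amounts and timing as well.

```python
from collections import defaultdict, deque

# Constructed sample ledger, NOT real chain data: (tx_id, from, to, amount).
# Address names are placeholders; EXCH_DEPOSIT_* stand for exchange deposit addresses.
SAMPLE_TXS = [
    ("t1", "HACKER_A", "MIXER_1", 1000.0),
    ("t2", "HACKER_A", "HOP_1", 500.0),
    ("t3", "HOP_1", "HOP_2", 500.0),
    ("t4", "HOP_2", "EXCH_DEPOSIT_1", 499.0),
    ("t5", "CLEAN_USER", "EXCH_DEPOSIT_2", 10.0),
    ("t6", "MIXER_1", "EXCH_DEPOSIT_2", 200.0),
]


def trace_tainted(txs, seed_addrs, max_hops=10):
    """Breadth-first taint propagation from seed (known-thief) addresses.

    Returns {address: hop distance from the nearest seed} for every address
    reachable through outgoing transfers within max_hops.
    """
    outgoing = defaultdict(list)
    for tx_id, src, dst, amt in txs:
        outgoing[src].append((tx_id, dst, amt))
    hops = {a: 0 for a in seed_addrs}
    queue = deque(seed_addrs)
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for _tx_id, dst, _amt in outgoing[addr]:
            if dst not in hops:  # first (shortest) path wins
                hops[dst] = hops[addr] + 1
                queue.append(dst)
    return hops


def flag_exchange_deposits(txs, seed_addrs, exchange_addrs):
    """List deposits into exchange addresses whose sender carries taint.

    Each alert is (tx_id, exchange_address, amount, hops_from_seed).
    """
    tainted = trace_tainted(txs, seed_addrs)
    alerts = []
    for tx_id, src, dst, amt in txs:
        if dst in exchange_addrs and src in tainted:
            alerts.append((tx_id, dst, amt, tainted[src] + 1))
    return alerts


if __name__ == "__main__":
    for alert in flag_exchange_deposits(SAMPLE_TXS, {"HACKER_A"},
                                        {"EXCH_DEPOSIT_1", "EXCH_DEPOSIT_2"}):
        print("freeze candidate:", alert)
```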
Despite these efforts, experts remain skeptical that the entire sum can be reclaimed, given North Korea's expertise in cybercrime and money laundering. Dr. Dorit Dor of cybersecurity firm Check Point noted that North Korea, because of its closed economy, has little reason to care about the negative consequences of engaging in cybercrime.
Challenges also arise from the varying levels of cooperation among crypto companies, some of which are reluctant to hinder the hackers' cashing-out efforts. One such exchange, eXch, has been accused by ByBit and others of facilitating the laundering of over $90 million. Johann Roberts, the elusive owner of eXch, acknowledged the initial oversight but claimed that an ongoing dispute with ByBit had clouded the company's judgment. He emphasized the importance of preserving the privacy and anonymity benefits of cryptocurrency despite the risk of criminal exploitation.
North Korea has never officially acknowledged its ties to the Lazarus Group but is widely believed to be the only state that conducts hacking for financial gain. The group, which previously targeted banks, has shifted its focus to cryptocurrency companies in recent years, exploiting weaknesses in the industry's anti-money-laundering controls.
Notable cyberattacks linked to North Korea include the theft of $41 million from UpBit in 2019, the $275 million hack on KuCoin (with most funds recovered), the $600 million Ronin Bridge attack in 2022, and the $100 million crypto heist on Atomic Wallet in 2023. The individuals associated with the Lazarus Group were added to the US Cyber Most Wanted list in 2020, but apprehending them remains a remote possibility unless they step outside North Korea’s borders.