North Korean Hackers Steal $1.5 Billion from ByBit: Cashing Out Millions in Cryptocurrency


North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack

North Korean Hackers Successfully Launder $300 Million from Crypto Heist

Hackers believed to be affiliated with the North Korean government have managed to convert at least $300 million (£232 million) from their unprecedented $1.5 billion cryptocurrency theft. This notorious group, known as the Lazarus Group, executed the massive breach on the crypto exchange ByBit just two weeks ago. Since then, efforts to trace and hinder the hackers from transforming their stolen cryptocurrency into cash have been ongoing.

Experts indicate that this notorious hacking collective is operating almost around the clock, potentially diverting the stolen funds toward the North Korean military’s development initiatives. According to Dr. Tom Robinson, co-founder of crypto analysis firm Elliptic, “Every minute is crucial for the hackers as they work to obfuscate their financial trail, employing highly sophisticated techniques.”

Dr. Robinson further emphasizes that North Korea excels at laundering cryptocurrency compared to other criminal organizations. “I suspect they have designated teams utilizing automated systems and leveraging years of expertise. Their operations suggest they take minimal breaks, possibly working in shifts to quickly convert stolen crypto into cash.”

Elliptic’s findings align with statements from ByBit, which reports that approximately 20% of the stolen assets have become untraceable, indicating a low likelihood of recovery. The United States and its allies have accused North Korea of conducting numerous cyberattacks in recent years to finance its military and nuclear ambitions.

On February 21, the hackers compromised one of ByBit’s partners and covertly altered the destination wallet address for a transfer of 401,000 ether (ETH), Ethereum’s native token. ByBit believed it was moving the funds to its own wallet, but the assets were instead redirected to an address controlled by the hackers.

ByBit’s CEO Vows to Retrieve Stolen Funds

Ben Zhou, the CEO of ByBit, has reassured clients that their assets remain secure and untouched. The company has since replenished the stolen digital tokens through loans from investors, and Zhou has declared a “war” against the Lazarus Group. ByBit’s Lazarus Bounty initiative is calling on the public to help locate the stolen funds and freeze them whenever possible.

All cryptocurrency transactions are recorded on public blockchains, allowing for the tracking of funds as they are moved by the Lazarus Group. If the hackers attempt to utilize mainstream crypto services to convert their assets into traditional currencies, these services may freeze the coins if they suspect criminal ties. So far, 20 individuals have collectively earned over $4 million in rewards for successfully identifying and reporting $40 million of the stolen assets to crypto firms.
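The tracing described above, as an added illustration that is not part of the original article or any named firm’s tooling: a small taint tracer that walks constructed transfer records outward from a known theft address and raises an alert whenever tainted value lands at a labelled service deposit address (the point at which an exchange could freeze it). All addresses, transaction ids, amounts and the service label are constructed placeholders.

```python
from collections import defaultdict, deque

# Constructed sample transfers: (tx_id, from_addr, to_addr, amount_eth).
# None of these are real addresses or transactions.
TRANSFERS = [
    ("tx1", "0xTHEFT", "0xHOP1", 300.0),
    ("tx2", "0xTHEFT", "0xHOP2", 100.0),
    ("tx3", "0xHOP1", "0xMIXER", 300.0),
    ("tx4", "0xHOP2", "0xEXCHANGE_DEPOSIT", 100.0),
    ("tx5", "0xCLEAN", "0xEXCHANGE_DEPOSIT", 50.0),  # unrelated, should not be flagged
]

# Constructed label set: addresses known to belong to a service that can freeze funds.
KNOWN_SERVICES = {"0xEXCHANGE_DEPOSIT": "exchange-A"}


def build_graph(transfers):
    """Adjacency list keyed by sender address."""
    graph = defaultdict(list)
    for tx_id, src, dst, amount in transfers:
        graph[src].append((tx_id, dst, amount))
    return graph


def trace(transfers, seed_addresses, max_hops=5):
    """Breadth-first taint propagation from the seed (theft) addresses.

    Uses the simple 'poison' rule: every outbound transfer from a tainted address
    is counted as fully tainted. Production tracers apply FIFO or pro-rata
    haircuts; this version deliberately keeps the rule simple.
    Returns (tainted_amount_per_address, alerts_at_known_services).
    """
    graph = build_graph(transfers)
    tainted = defaultdict(float)
    alerts = []
    queue = deque((addr, 0) for addr in seed_addresses)
    visited = set(seed_addresses)
    while queue:
        addr, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for tx_id, dst, amount in graph.get(addr, []):
            tainted[dst] += amount
            if dst in KNOWN_SERVICES:
                alerts.append((tx_id, dst, KNOWN_SERVICES[dst], amount))
            if dst not in visited:
                visited.add(dst)
                queue.append((dst, hops + 1))
    return dict(tainted), alerts


if __name__ == "__main__":
    amounts, hits = trace(TRANSFERS, ["0xTHEFT"])
    print("tainted:", amounts)
    print("alerts:", hits)
```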

However, experts remain skeptical about the prospects of recovering the remaining funds, given North Korea’s advanced capabilities in hacking and money laundering. Dr. Dorit Dor from cybersecurity firm Check Point noted, “North Korea operates within a closed economy, creating a successful industry around hacking and laundering without concern for the stigma associated with cybercrime.”

Challenges in Stopping the North Korean Hackers

An additional complicating factor is that not all cryptocurrency exchanges are equally cooperative in addressing these issues. ByBit and others have accused the crypto exchange eXch of failing to prevent the criminals from cashing out, with over $90 million successfully laundered through this platform.

In response, eXch’s owner, Johann Roberts, contested these allegations. He acknowledged that his exchange initially did not halt the transactions due to an ongoing dispute with ByBit and uncertainty about the origins of the funds. Roberts claims his team is now cooperating but argues that mainstream companies identifying crypto customers are undermining the privacy and anonymity that cryptocurrencies offer.

North Korea’s Ongoing Hacking Campaigns

While North Korea has never officially acknowledged its connection to the Lazarus Group, it is widely regarded as the only nation leveraging its hacking capabilities for financial gain. Historically, the Lazarus Group has targeted financial institutions but has shifted focus over the past five years to cryptocurrency exchanges, which often lack robust security measures to prevent the laundering of stolen funds.

Recent cyber incidents associated with North Korea include the 2019 hack of UpBit, resulting in a loss of $41 million, the $275 million theft from KuCoin (most of which was later recovered), the 2022 Ronin Bridge breach that led to the theft of $600 million in crypto, and the $100 million attack on Atomic Wallet in 2023. In 2020, the U.S. government included North Koreans linked to the Lazarus Group on its Cyber Most Wanted list, although the likelihood of their arrest remains extremely low unless they leave the country.