North Korean Hackers Launder Stolen Funds
Hackers linked to North Korea’s infamous Lazarus Group continue their high-stakes operation to launder funds stolen from ByBit, a major cryptocurrency exchange. The cybercriminals are believed to be operating on behalf of the North Korean regime, having successfully cashed out at least $300 million (£232 million) of the $1.5 billion cryptocurrency stolen from ByBit.
The hack, which took place just two weeks ago, was one of the largest ever seen in the crypto world. Since then, cybersecurity experts have been closely monitoring the group’s efforts to convert stolen digital tokens into usable currency. Authorities describe the situation as a continuous battle to prevent the hackers from completing their illicit transactions.
Lazarus Group’s Relentless Laundering Efforts
Experts warn that Lazarus Group is operating nearly 24/7 in an attempt to obscure the trail of stolen funds. Their operations likely aim to funnel these funds into North Korea’s military and nuclear programs. Dr. Tom Robinson, co-founder of Elliptic, a leading crypto investigative firm, explains the group’s strategy: “Every minute counts for these hackers. They employ advanced tactics to obscure the money trail.”
Dr. Robinson notes that North Korea’s proficiency in laundering cryptocurrency is exceptional. “I suspect they have an entire team dedicated to this task, using automated tools and years of expertise. Their activity suggests they work in shifts, operating with little downtime to complete the laundering process.”
According to Elliptic’s findings, ByBit has confirmed that 20% of the stolen funds have “gone dark,” meaning recovery is highly unlikely. U.S. officials and their allies have accused North Korea of carrying out multiple cyberattacks in recent years to fund its nuclear ambitions and military programs.
The ByBit Hack and Its Fallout
The Lazarus Group’s hack of ByBit began on February 21, when hackers infiltrated one of ByBit’s suppliers and altered the destination address for 401,000 Ethereum coins. The entire sum was then unknowingly transferred directly into the hands of Lazarus Group, marking a significant loss for the exchange. Despite this breach, ByBit CEO Ben Zhou assured customers that their personal funds were unaffected. The exchange has since replenished the lost assets through loans from investors and is actively pursuing the hackers.
A Global Effort to Track the Stolen Funds
In response to the hack, ByBit launched the Lazarus Bounty program, urging the public to help track and freeze the stolen funds. Because cryptocurrency transactions are recorded on public blockchains, investigators can monitor the hackers’ movements. If Lazarus Group attempts to cash out through legitimate crypto services, these platforms can freeze the funds upon detecting illicit activity.
So far, 20 participants in the bounty program have received over $4 million in rewards for successfully identifying and blocking $40 million worth of stolen assets. However, experts remain cautious about recovering the remaining stolen funds due to North Korea’s advanced skills in digital theft and money laundering.
Cryptocurrency Laundering and Industry Gaps
Dr. Dorit Dor, a cybersecurity expert at Check Point, points out that North Korea’s well-established cybercrime network is a significant challenge. “North Korea operates in an isolated economy, where hacking and laundering have become highly developed industries. Unlike other nations, they are unconcerned with reputational damage, making them difficult to counter.”
The investigation into the ByBit hack has also revealed gaps in the cooperation between cryptocurrency platforms. Some exchanges, like eXch, have been accused of enabling money laundering. ByBit and other industry stakeholders claim that eXch failed to prevent the hackers from cashing out, with over $90 million allegedly laundered through the exchange.
eXch’s owner, Johann Roberts, denies the allegations. He admits that his firm did not initially block the transactions due to a dispute with ByBit but states that his team is now cooperating. Roberts further argues that firms that enforce strict identity verification undermine cryptocurrency’s core principles of privacy and anonymity.
Lazarus Group’s Track Record of Crypto Heists
Despite North Korea’s official denial of any connection to Lazarus Group, experts believe the group remains one of the most significant threats in the cybercrime world. Lazarus Group’s cyberattacks have primarily targeted financial institutions, but over the last five years, the group has shifted its focus to cryptocurrency exchanges, which often have weaker security measures.
Some of the most notable North Korean-linked crypto heists include:
- The 2019 UpBit hack, which resulted in a $41 million theft.
- The 2020 KuCoin hack, which saw $275 million stolen (most funds were later recovered).
- The 2022 Ronin Bridge attack, which led to a $600 million loss.
- A 2023 breach of Atomic Wallet, where hackers made off with $100 million.
In 2020, the U.S. placed Lazarus Group members on its Cyber Most Wanted list. However, experts remain skeptical that arrests will be made anytime soon unless these individuals travel outside of North Korea.
For more updates on this developing story, visit EuroNews24.