.webp)
North Korean hackers have siphoned off hundreds of millions from the $1.5 billion ByBit hack.
Notorious hacking collective believed to operate under the North Korean regime has reportedly managed to launder at least $300 million of cryptocurrency from a staggering $1.5 billion theft, making it virtually untraceable.
The group, identified as Lazarus, pulled off the massive digital heist targeting the ByBit crypto exchange just two weeks ago. Since the breach, cybersecurity professionals and law enforcement have been locked in a relentless pursuit to intercept the stolen assets before they’re fully converted into fiat or otherwise usable funds.
Sources familiar with the matter suggest the hackers are working around the clock, possibly channeling the illicit gains toward North Korea’s weapons programs or other military initiatives.
According to Dr. Robinson, when it comes to laundering cryptocurrency, North Korea stands out as the most proficient among cybercriminal networks.
“They likely have a dedicated team operating around the clock with sophisticated software and extensive experience,” he explains. “Their activity suggests they pause only briefly each day, likely working in shifts to continuously convert stolen crypto into usable funds.”
This assessment is supported by Elliptic’s investigation and echoed by crypto platform ByBit, which reported that 20% of the stolen assets have now become untraceable — essentially lost for good.
The United States and its partners have accused North Korea of orchestrating numerous cyberattacks in recent years, allegedly to support its weapons and nuclear programs.On February 21, attackers infiltrated one of ByBit’s third-party service providers, covertly changing the destination address for a major Ethereum transfer involving 401,000 coins.
Believing it was moving the funds into its own wallet, ByBit unknowingly redirected the entire sum straight into the hands of the hackers.
ByBit’s CEO, Ben Zhou, made it clear to users that their personal assets remained untouched throughout the breach.
To address the loss, the company borrowed funds from its investors to replace the stolen cryptocurrency. Zhou described the company’s current efforts as a full-scale battle against the Lazarus Group.
To aid this effort, ByBit launched the "Lazarus Bounty" program, calling on the public to help trace the stolen digital currency and freeze it wherever possible.Because blockchain records are transparent and publicly accessible, it's feasible to follow the trail as the Lazarus Group attempts to shuffle the funds across various wallets.
If the cybercriminals try to convert the crypto into fiat currencies like USD using a major exchange, those platforms can intervene and freeze the assets if there’s any suspicion of illicit activity.
So far, 20 individuals have collectively earned over $4 million in rewards after successfully identifying $40 million of the stolen funds, helping platforms prevent the money from being cashed out.
Despite these efforts, many experts remain pessimistic about retrieving the remaining funds. North Korea’s proficiency in cybercrime and laundering makes further recovery unlikely.“North Korea is an isolated country with a tightly controlled economy,” said Dr. Dorit Dor of cybersecurity firm Check Point. “They’ve built a well-oiled machine around hacking and laundering, and they’re not concerned about how the world views their criminal tactics.”
Keep up with the latest news, trends, and innovations driving the global automotive industry by subscribing to The Insight Loop Tech newsletter. Stay informed—Subscribe here.
North Korea has never officially acknowledged its involvement with the Lazarus Group, but it is widely believed to be the only nation utilizing hacking for financial gain.
Initially, the Lazarus Group focused on bank cyberattacks, but in the past five years, they've shifted their focus to cryptocurrency exchanges and related companies.
The cryptocurrency sector is less secure, with limited measures in place to prevent hackers from laundering stolen funds.
Some notable hacks attributed to North Korea include:
- The $41 million hack of UpBit in 2019
- The $275 million theft from KuCoin (most of which was later recovered)
- The 2022 Ronin Bridge attack, where $600 million in crypto was stolen
- A $100 million hack of Atomic Wallet in 2023
In 2020, the US added North Koreans linked to the Lazarus Group to its Cyber Most Wanted list. However, the likelihood of these individuals being arrested remains very low unless they travel outside of North Korea.
