North Korean hackers launder millions from $1.5bn ByBit heist

Hackers believed to be operating on behalf of the North Korean regime have successfully laundered at least $300 million from their staggering $1.5 billion cryptocurrency theft. The cybercriminals, known as the Lazarus Group, executed the massive heist by infiltrating crypto exchange ByBit just two weeks ago.

Since the attack, international cybersecurity experts and financial investigators have been engaged in a race against time to trace and block the illicit funds. Despite their efforts, a significant portion of the stolen assets has already disappeared into the depths of the digital underworld, fueling concerns that the proceeds are being funneled into North Korea’s military and nuclear programs.

According to Dr. Tom Robinson, co-founder of crypto investigation firm Elliptic, the Lazarus Group operates with extreme sophistication, working nearly around the clock to obscure the money trail. Reports indicate that they take only a few hours of rest daily, potentially working in shifts to quickly convert stolen digital assets into usable cash.

ByBit’s analysis confirms these suspicions, revealing that roughly 20% of the stolen funds, amounting to around $300 million, have already “gone dark,” making recovery nearly impossible, according to sources. The U.S. and its allies have long accused North Korea of orchestrating cyberattacks to finance its weapons development, and this latest breach adds to the growing list of financial crimes attributed to the regime.

The attack on ByBit took place on February 21, when the Lazarus Group exploited one of the exchange’s suppliers to secretly alter a digital wallet address. In what appeared to be a routine transaction, ByBit unknowingly transferred 401,000 Ethereum (ETH) tokens valued at over $1.5 billion directly into the hackers’ hands.

ByBit CEO Ben Zhou assured customers that no personal funds were affected, as the company swiftly replenished the stolen amount with investor-backed loans. However, Zhou has since declared “war on Lazarus,” launching a public bounty program to track down and freeze the stolen funds.

All cryptocurrency transactions are recorded on a public blockchain, allowing for real-time tracking of funds. ByBit’s Lazarus Bounty program has incentivized individuals to trace and report any suspicious transactions linked to the stolen funds. So far, 20 participants have received over $4 million in rewards after successfully identifying and blocking $40 million worth of illicit transfers.

A major roadblock in the investigation is the reluctance of certain crypto exchanges to cooperate. Although North Korea has never officially admitted to operating the Lazarus Group, evidence strongly suggests that the country is the only one in the world systematically using cybercrime for financial gain. 

While Lazarus hackers previously targeted banks, they have increasingly shifted their focus to cryptocurrency firms, which tend to have weaker security measures and fewer regulatory safeguards.

In 2020, the U.S. added suspected Lazarus Group members to its Cyber Most Wanted list. However, experts believe the likelihood of arrests remains slim unless these individuals leave North Korea. As long as the regime continues to leverage cyberattacks for economic survival, the international community faces an uphill battle in stopping these sophisticated digital heists.