North Korean hackers have successfully cashed out at least $300m (£232m) of their record-breaking $1.5bn crypto heist. The hackers, known as Lazarus Group, swiped the huge amount of digital tokens in a hack on crypto exchange ByBit.
Experts say the infamous hacking team is working nearly 24 hours a day – potentially funnelling the money into the regime’s military development.
“Every minute matters for the hackers who are trying to confuse the money trail and they are extremely sophisticated in what they’re doing,” says Dr Tom Robinson, co-founder of crypto investigators Elliptic.
Continue reading
Out of all the criminal actors involved in crypto currency, North Korea is the best at laundering crypto, Dr Robinson says.
The US and allies accuse the North Koreans of carrying out dozens of hacks in recent years to fund the regime’s military and nuclear development.
On 21 February the criminals hacked one of ByBit’s suppliers to secretly alter the digital wallet address that 401,000 Ethereum crypto coins were being sent to.
ByBit thought it was transferring the funds to its own digital wallet, but instead sent it all to the hackers.
ByBit’s Lazarus Bounty programme is encouraging members of the public to trace the stolen funds and get them frozen where possible.
All crypto transactions are displayed on a public blockchain, so it’s possible to track the money as it’s moved around by the Lazarus Group.
If the hackers try to use a mainstream crypto service to attempt to turn the coins into normal money like dollars, the crypto coins can be frozen by the company if they think they are linked to crime.
So far 20 people have shared more than $4m in rewards for successfully identifying $40m of the stolen money and alerting crypto firms to block transfers.
But experts are downbeat about the chances of the rest of the funds being recoverable, given the North Korean expertise in hacking and laundering the money.
“North Korea is a very closed system and closed economy so they created a successful industry for hacking and laundering and they don’t care about the negative impression of cyber crime,” Dr Dorit Dor from cyber security company Check Point said.
Another problem is that not all crypto companies are as willing to help as others.
Crypto exchange eXch is being accused by ByBit and others of not stopping the criminals cashing out.
More than $90m has been successfully funnelled through this exchange.
North Korea has never admitted being behind the Lazarus Group, but is thought to be the only country in the world using its hacking powers for financial gain.
Previously the Lazarus Group hackers targeted banks, but have in the last five years specialised in attacking cryptocurrency companies.
The industry is less well protected with fewer mechanisms in place to stop them laundering the funds.
Recent hacks linked to North Korea include:
- The 2019 hack on UpBit for $41m
- The $275m theft of crypto from exchange KuCoin (most of the funds were recovered)
- The 2022 Ronin Bridge attack which saw hackers make off with $600m in crypto
- Approximately $100m in crypto was stolen in an attack on Atomic Wallet in 2023
In 2020, the US added North Koreans accused of being part of the Lazarus Group to its Cyber Most Wanted list. But the chances of the individuals ever being arrested are extremely slim unless they leave their country.
