Hackers believed to be linked to the North Korean regime have successfully cashed out at least $300 million from their staggering $1.5 billion cryptocurrency heist involving the exchange ByBit.
The group, known as the Lazarus Group, executed a significant hack on the crypto platform two weeks ago, and authorities are now engaged in a challenging effort to trace and block the movement of the stolen funds. Dr. Tom Robinson, co-founder of crypto analytics firm Elliptic, noted that these hackers are operating almost around the clock, likely redirecting the money to fund the regime’s military initiatives.
“They are extremely sophisticated in their tactics,” Dr. Robinson stated, speculating that the group employs an entire team using automated tools to facilitate their operations. Elliptic’s analysis aligns with ByBit’s report, indicating that 20% of the stolen funds have already “gone dark,” suggesting they may never be recovered.
The US and its allies have accused North Korea of executing numerous hacks to finance its military and nuclear projects. In the attack on February 21, the hackers altered the digital wallet address meant for 401,000 Ethereum coins, redirecting the transfer to their own accounts while ByBit mistakenly believed the funds were going to their wallet.
In the aftermath, ByBit has assured users that their personal funds remain intact and has replenished the stolen Ethereum with loans from investors. However, the company now describes its efforts as a “war on Lazarus,” launching the Lazarus Bounty program to encourage the public to help trace and freeze the stolen assets.
Despite tracking capabilities provided by the public blockchain, experts warn that recovering the remaining funds will be challenging given North Korea’s established system for hacking and laundering money.
Crypto exchange eXch has faced criticism from ByBit and others for allegedly allowing the hackers to cash out, with over $90 million reportedly funneled through the platform. While eXch’s owner Johann Roberts disputed these claims, he acknowledged the company’s initial failure to stop the funds due to an ongoing dispute with ByBit and uncertainty about the source of the coins.
While North Korea has not officially admitted responsibility for the Lazarus Group, it is viewed as a pioneer in utilizing hacking for financial gain. Historically, the group has targeted banks but has recently shifted focus to cryptocurrency exchanges, which are less protected against such attacks.
Notable hacks linked to North Korea include the 2019 breach of UpBit for $41 million, the $275 million theft from KuCoin (with most of the funds later recovered), and the 2022 Ronin Bridge attack that resulted in $600 million being stolen. Despite being added to the US Cyber Most Wanted list, the likelihood of apprehending these individuals remains low, especially as long as they stay within North Korea.
Credit: BBC News
