Hackers linked to North Korea have successfully converted at least $300 million from a record-breaking $1.5 billion cryptocurrency theft into unrecoverable funds.
The Lazarus Group, an infamous cybercriminal team, stole the massive sum during an attack on crypto exchange ByBit two weeks ago.
Since then, experts have been in a race to track and block their efforts to launder the funds.
A Sophisticated Operation
Dr. Tom Robinson, co-founder of crypto investigation firm Elliptic, describes the hackers’ approach as highly advanced.
“Every minute matters for the hackers who are trying to confuse the money trail, and they are extremely sophisticated in what they’re doing.”
Lazarus Group is known for its expertise in crypto laundering. Dr. Robinson suggests the hackers operate in shifts, working nearly around the clock with automated tools to evade detection.
ByBit’s Struggle to Recover Stolen Funds
Elliptic’s analysis aligns with ByBit’s own findings—around 20% of the stolen funds have “gone dark,” meaning they are unlikely to be recovered.
On February 21, the hackers infiltrated a ByBit supplier and altered a digital wallet address. The crypto exchange unknowingly transferred 401,000 Ethereum coins to the criminals instead of its own wallet.
ByBit Fights Back
ByBit CEO Ben Zhou has assured customers that no user funds were affected. The company has replaced the stolen crypto through loans from investors and is now actively tracking the thieves.
The company launched the Lazarus Bounty program, enlisting the public’s help in tracing and freezing the stolen funds.
- So far, 20 participants have earned over $4 million in rewards.
- Their efforts have helped freeze $40 million of the stolen money.
Since all cryptocurrency transactions are recorded on public blockchains, the stolen funds can be monitored as Lazarus attempts to cash out. If they use mainstream crypto services, companies can block transactions linked to the heist.
Hiring? Post jobs for free with WhatJobs
A Battle Against North Korean Cybercrime
The US and its allies accuse North Korea of using cybercrime to finance its military and nuclear programs. Experts say this latest heist is part of a broader strategy.
Dr. Dorit Dor from cybersecurity firm Check Point explains the country’s approach:
“North Korea is a very closed system and closed economy, so they created a successful industry for hacking and laundering, and they don’t care about the negative impression of cyber crime.”
With the Lazarus Group’s skill in moving stolen crypto undetected, experts believe a significant portion of the stolen funds will never be recovered.
Need Career Advice? Get employment skills advice at all levels of your career
The Ongoing Crypto War
The battle over the stolen ByBit funds is far from over. While authorities and blockchain analysts continue their efforts, the hackers remain determined to move their crypto into usable cash.
With millions at stake and Lazarus refining their laundering tactics, crypto exchanges and law enforcement must stay one step ahead to prevent further financial losses.
