North Korean Hackers Cash Out Hundreds of Millions from $1.5bn ByBit Hack

In a shocking turn of events, hackers believed to be working for the North Korean regime have successfully converted at least $300 million (£232 million) of their record-breaking $1.5 billion crypto heist into unrecoverable funds following a devastating hack on crypto exchange ByBit two weeks ago.

The Lazarus Group, a notorious hacking team thought to be linked to the North Korean government, swiped the massive haul of digital tokens in a daring attack on ByBit, one of the world's largest cryptocurrency exchanges. Since then, it has been a cat-and-mouse game between the hackers and law enforcement agencies trying to track down and block the hackers from successfully converting the crypto into usable cash.

Experts say that the Lazarus Group is working nearly 24 hours a day, using sophisticated automated tools and years of experience to confuse the money trail. "Every minute matters for the hackers who are trying to confuse the money trail and they are extremely sophisticated in what they're doing," says Dr. Tom Robinson, co-founder of crypto investigators Elliptic.

According to Elliptic's analysis, 20% of the funds have now "gone dark", meaning they are unlikely ever to be recovered. The US and allies accuse North Korea of carrying out dozens of hacks in recent years to fund the regime's military and nuclear development.

The Cat-and-Mouse Game

ByBit, which has since replenished the stolen coins with loans from investors, is waging war on Lazarus. The company's CEO, Ben Zhou, assured customers that none of their funds had been taken in the initial hack, but the firm has since launched a reward program encouraging members of the public to trace the stolen funds and get them frozen where possible.

One such individual has already shared more than $4 million in rewards for successfully identifying $40 million of the stolen money. However, experts are downbeat about the chances of the rest of the funds being recoverable, given the North Korean expertise in hacking and laundering the money.

The Challenges Ahead

"North Korea is a very closed system and closed economy, creating a successful industry for hacking and laundering that they don't care about the negative impression of cyber crime," says Dr. Dorit Dor from cybersecurity company Check Point.

Another problem is that not all crypto companies are as willing to help as others. Crypto exchange eXch has been accused by ByBit and others of not stopping the criminals cashing out, with over $90 million successfully funnelled through this exchange.

The Elusive Owner

eXch's elusive owner, Johann Roberts, disputes these claims, saying that his company didn't initially stop the funds because they were in a long-running dispute with ByBit. Roberts also argues that mainstream companies that identify crypto customers are betraying the private and anonymous benefits of cryptocurrency.

The Lazarus Group: A Threat to Global Security

The Lazarus Group has become infamous for its role in some of the world's most high-profile hacks, including the theft of $1.5 billion from ByBit. The group has targeted banks, but has specialized in attacking cryptocurrency companies over the past five years.

The cryptocurrency industry is less well protected, with fewer mechanisms in place to stop the group laundering the funds. In 2020, the US added North Koreans accused of being part of the Lazarus Group to its Cyber Most Wanted list, but the chances of the individuals ever being arrested are extremely slim unless they leave their country.