Hackers believed to be linked to North Korea’s Lazarus Group have managed to convert at least $300m of their record-breaking $1.5bn crypto heist from the ByBit exchange into cash. The incident, which took place two weeks ago, set off a race against time as experts and authorities worked to track and block the criminals from laundering the stolen digital tokens.
According to Dr Tom Robinson, co-founder of crypto investigation firm Elliptic, hackers work almost around the clock using highly sophisticated methods to confuse the money trail. “Every minute matters for the hackers who are trying to confuse the money trail,” he explained. The North Korean team is believed to have an entire room of people using automated tools and working in shifts, demonstrating their deep expertise in laundering cryptocurrency.
ByBit confirmed that around 20% of the stolen funds have now “gone dark,”—making recovery of that portion unlikely. Ben Zhou, CEO of ByBit, assured customers that none of their funds had been taken and that the company has since replenished the stolen coins with investor loans. He added that ByBit is actively fighting back with a Lazarus Bounty programme, which rewards those who help trace and freeze the stolen funds.
This case is just one in a series of high-profile crypto heists linked to North Korean hackers. In recent years, the Lazarus Group has targeted banks and cryptocurrency companies alike, with notable incidents including the 2019 UpBit hack for $41m, the $275m theft from KuCoin, and the 2022 Ronin Bridge attack that saw $600m in crypto stolen.
While most crypto companies are trying to assist by freezing funds when suspicious transactions occur, some exchanges have been less cooperative. One such platform, eXch, is accused by ByBit of allowing over $90m to be cashed out, though its owner, Johann Roberts, insists that they are now cooperating despite a long-running dispute with ByBit.
The United States and its allies have long accused North Korea of using such hacks to fund its military and nuclear development programs. Although North Korea has never officially admitted involvement, its reputation for both hacking and money laundering in the crypto space continues to grow.
