Two weeks ago, hackers known as the Lazarus Group hacked the cryptocurrency exchange ByBit and took a massive collection of digital tokens.
Hackers thought to be connected to the North Korean government have successfully converted at least $300 million (£232 million) of the historic $1.5 billion cryptocurrency theft into unrecoverable funds.
Since then, preventing the hackers from successfully turning the cryptocurrency into usable cash has involved a game of cat and mouse.
Experts say the infamous hacking team is working nearly 24 hours a day—potentially funneling the money into the regime’s military development.
“Every minute counts for the hackers who are trying to confuse the money trail. They are extremely sophisticated in what they do,” says Dr. Tom Robinson, co-founder of crypto investigators Elliptic.
Out of all the criminal actors involved, Dr. Robinson believes North Korea excels at cryptocurrency laundering due to their use of automated tools and extensive experience. Also, based on their activity, it appears that they only take a few hours of rest each day, possibly working in shifts to convert the cryptocurrency into cash.
Elliptic’s analysis is consistent with that of ByBit, which claims that 20% of the funds have now “gone dark,” meaning they are unlikely to be recovered.
The United States and its allies accuse North Korea of carrying out dozens of hacks in recent years to fund the regime’s military and nuclear development.
On February 21, criminals hacked one of ByBit’s suppliers, secretly altering the digital wallet address to which 401,000 Ethereum crypto coins were sent.
ByBit thought it was transferring the funds to its own digital wallet, but it actually sent them all to the hackers.
ByBit’s CEO, Ben Zhou, assured customers that no funds had been taken.
The firm has since replenished the stolen coins with investor loans, but it is still “waging war on Lazarus,” as Zhou puts it.
ByBit’s Lazarus Bounty program encourages members of the public to trace stolen funds and freeze them where possible.
All cryptocurrency transactions are visible on a public blockchain, making it possible to track the money as it is moved around by the Lazarus Group.
If the hackers attempt to use a mainstream crypto service to convert the coins into regular money, such as dollars, the company may freeze the crypto coins if they believe they are linked to crime.
So far, 20 people have received more than $4 million in rewards for successfully identifying $40 million in stolen funds and alerting cryptocurrency firms to block transfers.
However, experts are skeptical of the chances of recovering the remaining funds, citing North Korea’s expertise in hacking and laundering the money.
According to Dr. Dorit Dor of the cybersecurity firm Check Point, “North Korea is a very closed system and closed economy, so they created a successful industry for hacking and laundering, and they do not care about the negative impression of cybercrime.”
Another issue is that not all cryptocurrency businesses are as eager to assist as others.
ByBit and others are accusing cryptocurrency exchange eXch of failing to prevent the criminals from cashing out.
Through this exchange, more than $90 million has been successfully transferred.
However, Johann Roberts, the mysterious owner of eXch, denied that via email.
He acknowledges that his team was not certain the coins were unquestionably from the hack at first and that they did not stop the funds because his company and ByBit are embroiled in a protracted legal battle.
Although he claims to be cooperating now, he contends that mainstream businesses that identify cryptocurrency users are betraying the anonymity and privacy advantages of cryptocurrencies.
Although North Korea has never acknowledged being the mastermind of the Lazarus Group, it is believed to be the only nation in the world to use its hacking capabilities for profit.
In the past five years, the Lazarus Group hackers have focused on attacking cryptocurrency companies instead of banks.
The industry is less protected, with fewer safeguards in place to prevent the money from being laundered.
Among the recent hacks connected to North Korea are:
- UpBit’s 2019 hack cost $41 million.
- The $275 million cryptocurrency theft from KuCoin (the majority of the money was recovered)
- The 2022 attack on the Ronin Bridge, in which hackers stole $600 million in cryptocurrency
- In 2023, an attack on Atomic Wallet resulted in the theft of about $100 million worth of cryptocurrency.
North Koreans suspected of belonging to the Lazarus Group were added to the US Cyber Most Wanted list in 2020. However, unless they flee their country, the individuals have very little chance of ever being arrested.