The Lazarus Group has successfully converted a substantial portion of stolen cryptocurrency from ByBit, with cybersecurity experts concerned about their potential funding for military advancements. While bounty initiatives are in place to track the stolen funds, recovery appears bleak.**
North Korean Hackers Make Off with Massive Crypto Haul Amidst Ongoing Investigations**
North Korean Hackers Make Off with Massive Crypto Haul Amidst Ongoing Investigations**
North Korean cybercriminals reportedly launder millions from a significant ByBit hack, raising alarms over their advanced hacking capabilities.**
North Korean hackers, notorious for their cyber operations, have successfully converted around $300 million of the staggering $1.5 billion stolen in a recent attack on crypto exchange ByBit. Operating under the alias Lazarus Group, these cybercriminals executed the hack two weeks ago and have since been expertly maneuvering the stolen digital assets into untraceable cash.
Experts from various cybersecurity firms have indicated that these hackers are operating almost around the clock, employing sophisticated techniques to obfuscate their financial tracks. Dr. Tom Robinson, a co-founder of the crypto analytics firm Elliptic, asserts that North Korea exhibits unparalleled skill in laundering stolen cryptocurrency. “They likely have an entire team dedicated to this operation, employing automated tools and extensive experience to quickly convert the stolen crypto into usable funds,” he explained.
With reports indicating that approximately 20% of the stolen assets have now “gone dark," the likelihood of recovery appears slim. The United States and allied nations have vocally accused North Korea of conducting extensive cyber thefts to fund its military and nuclear initiatives. The vulnerability of the cryptocurrency industry, coupled with its inherent anonymity, makes it a prime target for hacking groups like Lazarus.
On February 21, a strategic hack of one of ByBit’s suppliers allowed the criminals to redirect a transfer of 401,000 Ethereum coins to their digital wallets, unbeknownst to the exchange. Despite this incident, ByBit’s CEO Ben Zhou has reassured customers that their personal funds remain unharmed. The platform is actively pursuing the recovery of stolen assets through its Lazarus Bounty initiative, which incentivizes the public to help trace and halt the movement of stolen funds.
Although blockchain technology allows for the tracing of transactions, experts warn that North Korean hackers—working with a well-established system for laundering—may succeed in avoiding detection. Recent allegations also point to crypto exchange eXch, accused of allowing drug money to flow through, complicating the recovery efforts.
While North Korea has yet to officially claim responsibility for these cyber acts, their consistent targeting of cryptocurrency exchanges marks a shift from the traditional banking targets they previously favored. In the past five years, the Lazarus Group has increasingly focused on the poorly defended crypto sector, leading to substantial financial losses.
Notable previous hacks linked to this group include the theft of $41 million from UpBit in 2019, a $275 million breach at KuCoin, and more recently, an attack on Atomic Wallet in 2023 which resulted in losses estimated at $100 million. The individuals linked to these cybercrimes have largely evaded capture due to North Korea’s isolationist policies.
As the investigation continues, the cryptosphere remains on high alert—caught in a complex web of incentives, anonymity, and advanced cyber warfare tactics deployed by one of the world’s most secretive regimes.
