North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack

A group of hackers believed to be working for the North Korean government has successfully stolen a staggering amount of money from a cryptocurrency exchange called ByBit. This theft is reported to be around $1. 5 billion, and experts estimate that the hackers have already converted at least $300 million of this amount into cash that is unlikely to be recovered. The hackers, known as the Lazarus Group, have been very active in their efforts to turn the stolen cryptocurrency into usable funds. According to Dr. Tom Robinson, a co-founder of a company that investigates cryptocurrency crimes, North Korea is exceptionally skilled at laundering stolen cryptocurrency. He suggests that the hackers likely have a dedicated team working around the clock, utilizing automated tools and their extensive experience to achieve their goals. Dr. Robinson notes that they only take a few hours off each day, indicating their commitment to their illicit activities. ByBit has reported that approximately 20% of the stolen funds have 'gone dark,' meaning that it is highly unlikely that these funds will ever be recovered. The United States and its allies have accused North Korea of conducting numerous hacks in recent years to finance its military and nuclear programs. On February 21, the hackers managed to alter the digital wallet address of one of ByBit's suppliers, leading to the misdirection of 401,000 Ethereum coins. ByBit believed it was transferring the funds to its own wallet, but instead, the coins were sent directly to the hackers. Ben Zhou, the CEO of ByBit, has assured customers that their funds are safe and that the company is actively working to recover some of the stolen money. To aid in this effort, ByBit has launched a program called the Lazarus Bounty, which encourages the public to help trace the stolen funds and freeze them where possible. Since all cryptocurrency transactions are recorded on a public blockchain, it is possible to track the movement of the stolen money. If the hackers attempt to use a mainstream cryptocurrency service to convert their coins into traditional currency, those companies can freeze the transactions if they suspect they are linked to criminal activity. So far, 20 individuals have received over $4 million in rewards for successfully identifying $40 million of the stolen funds and alerting cryptocurrency firms to block the transfers. However, experts remain pessimistic about the chances of recovering the remaining funds, given North Korea's expertise in hacking and laundering money. Dr. Dorit Dor, a cybersecurity expert, points out that North Korea has developed a successful industry for hacking and laundering money, and they do not seem to care about the negative perception associated with cybercrime. Another challenge in this situation is that not all cryptocurrency companies are willing to cooperate. ByBit has accused a company called eXch of allowing the hackers to cash out, with more than $90 million successfully funneled through this exchange. Johann Roberts, the owner of eXch, has disputed these claims, stating that they did not initially stop the funds due to an ongoing dispute with ByBit and uncertainty about the origin of the coins. He claims that his company is now cooperating but argues that mainstream companies that identify cryptocurrency customers are undermining the privacy and anonymity that cryptocurrencies offer. North Korea has never officially acknowledged its involvement with the Lazarus Group, but it is believed to be the only nation using its hacking capabilities for financial gain. In the past, the Lazarus Group targeted banks, but in recent years, they have shifted their focus to cryptocurrency companies, which are less protected and have fewer mechanisms in place to prevent money laundering. Some notable hacks linked to North Korea include a $41 million hack on UpBit in 2019, a $275 million theft from KuCoin (most of which was recovered), a $600 million attack on Ronin Bridge in 2022, and a $100 million theft from Atomic Wallet in 2023. In 2020, the United States added North Koreans believed to be part of the Lazarus Group to its Cyber Most Wanted list, but the likelihood of these individuals being arrested remains extremely low unless they leave the country.