A group of North Korean hackers, known as the Lazarus Group, is engaged in an intense effort to launder funds stolen in the recent ByBit cyberattack. The cybercriminals have already successfully laundered at least $300 million from the $1.5 billion they stole in one of the largest crypto heists ever. The attack took place two weeks ago, and experts are now racing against time to track and block the hackers’ efforts to convert the stolen cryptocurrency into usable cash.
Lazarus Group’s Advanced Laundering Tactics
The Lazarus Group, widely believed to be operating under the direction of the North Korean government, is notorious for its advanced methods of laundering stolen cryptocurrency. Cybersecurity experts suggest that these hackers are working around the clock to move and conceal the stolen funds. Dr. Tom Robinson, co-founder of blockchain analysis firm Elliptic, says, “Every minute counts for these hackers as they try to obscure the money trail.” Robinson describes them as highly skilled, organized, and relentless.
North Korea has emerged as the most advanced nation in terms of laundering stolen digital assets. “I imagine they have a whole team working in shifts, utilizing automated tools and their vast experience,” Robinson added. Their activities are non-stop, with only a few hours of downtime each day.
According to Elliptic’s analysis, about 20% of the stolen funds have already “gone dark,” meaning these funds are likely lost for good. The U.S. and its allies have long accused North Korea of using cybercrime to fund its military and nuclear programs, including attacks on financial institutions and cryptocurrency exchanges worldwide.
The ByBit Hack: How It Happened
The cyberattack on ByBit, a major cryptocurrency exchange, occurred on February 21. Hackers infiltrated a supplier of ByBit and subtly altered a digital wallet address, causing the exchange to unknowingly transfer 401,000 Ethereum tokens directly to the criminals. ByBit CEO Ben Zhou swiftly reassured customers that their funds were secure. The exchange replenished the stolen amount with loans from investors, with Zhou vowing to wage a relentless fight against Lazarus Group.
In response to the attack, ByBit launched the Lazarus Bounty program, aimed at encouraging the public to assist in tracing and blocking the stolen funds. As all crypto transactions are recorded on a public blockchain, tracking these funds is possible. If the hackers attempt to convert the stolen crypto into traditional currency via mainstream platforms, the funds can be frozen as soon as they are flagged as criminal.
So far, 20 individuals have earned over $4 million in rewards for identifying and blocking $40 million of the stolen assets. Despite these efforts, experts are skeptical about recovering the remaining funds. Dr. Dorit Dor, from cybersecurity firm Check Point, explains, “North Korea operates a closed economy, making it difficult to halt their laundering efforts. They simply don’t fear the consequences.”
Challenges in Recovering the Stolen Crypto
Recovering stolen funds from a crypto heist is already a difficult process, and it is made even more complicated by the lack of cooperation from some crypto exchanges. One such platform, eXch, is facing accusations of allowing the hackers to launder over $90 million in stolen funds. ByBit and other security experts claim eXch failed to take action to block the transactions when they were flagged. However, eXch’s owner, Johann Roberts, disputes these claims. He initially refused to block the transactions, citing an ongoing dispute with ByBit and the lack of clarity regarding the origins of the funds. Roberts now says his company is cooperating but insists that the tracking of crypto transactions infringes on privacy rights.
North Korea’s History of Crypto Attacks
Though North Korea has never publicly acknowledged its involvement in Lazarus Group, the country remains the only known state to use cyberattacks to fund its national goals, particularly its military programs. Over the past several years, Lazarus Group has moved from targeting banks to focusing on cryptocurrency exchanges, which tend to have weaker security measures.
Lazarus Group has been linked to several high-profile crypto heists in recent years, including:
- The 2019 hack on UpBit, where $41 million was stolen
- The 2020 KuCoin hack, which saw $275 million stolen (most of which was later recovered)
- The 2022 Ronin Bridge attack, in which hackers made off with $600 million
- The 2023 Atomic Wallet attack, which resulted in a $100 million theft
In 2020, the U.S. government placed several members of the Lazarus Group on its Cyber Most Wanted list. However, until these individuals leave North Korea, the chances of their arrest remain slim.
The Road Ahead
The Lazarus Group’s ongoing cybercrimes highlight the complexities of crypto-related thefts and the difficulties in tracking stolen funds. While ByBit’s bounty program has helped block some of the stolen assets, experts remain doubtful that the full recovery of the funds is feasible. The situation continues to evolve, with global authorities and cybersecurity experts working together to mitigate the threat posed by North Korea’s most notorious hacking group.
As the battle to track the stolen funds continues, it’s clear that North Korea’s cyber capabilities are only growing stronger, and the international community must remain vigilant in its efforts to counter these threats.
Author
Silke Mayr is a seasoned news reporter at New York Mirror, specializing in general news with a keen focus on international events. Her insightful reporting and commitment to accuracy keep readers informed on global affairs and breaking stories.