North Korean Hackers Successfully Launder Stolen Funds
The Lazarus Group, a cybercriminal organization linked to North Korea, has successfully laundered at least $300 million (£232m) from its record-breaking cryptocurrency theft. This massive heist, amounting to $1.5 billion, took place after the group breached the ByBit crypto exchange two weeks ago. Experts and authorities are working to track the stolen funds, but the hackers have used advanced techniques to obscure their trail, making recovery efforts difficult.
Experts believe the stolen and laundered money is likely being used to fund North Korea’s military and nuclear programs. Dr. Tom Robinson, co-founder of crypto forensics firm Elliptic, explained, “Every moment counts for these cybercriminals as they attempt to conceal their financial trail. They are exceptionally skilled in these operations.”
Advanced Techniques and North Korea’s Cyber Expertise
North Korea is widely regarded as one of the most adept nations at laundering stolen cryptocurrency, according to Dr. Robinson. “They likely have an entire team working with automated tools and years of expertise,” he said. “Their activities suggest they take only brief breaks, likely operating in shifts to process stolen funds.”
Elliptic’s findings align with ByBit’s assessment that 20% of the stolen assets have already “gone dark,” meaning these funds have become almost impossible to trace. As a result, experts fear that recovering the remaining funds will be extremely challenging.
The Global Impact of North Korean Cybercrime
North Korea’s cyberattacks have raised concerns among international authorities, particularly as the country is accused of using these operations to fund its regime. On February 21, the Lazarus Group exploited a supplier of ByBit to secretly modify a digital wallet address. This led to the accidental transfer of 401,000 Ethereum tokens to the hackers.
Despite the attack, ByBit CEO Ben Zhou assured customers that their assets remained safe. The company replenished the stolen funds through investor-backed loans and continues to pursue the hackers. ByBit also introduced the Lazarus Bounty program, offering rewards to individuals who help track and freeze stolen assets.
Since cryptocurrency transactions are publicly visible on blockchain ledgers, investigators can monitor how the Lazarus Group moves funds. If the hackers attempt to cash out using mainstream crypto services, authorities can flag and freeze the assets.
Rewards and Ongoing Efforts to Track Stolen Funds
So far, 20 individuals have earned over $4 million in rewards for identifying $40 million in stolen funds. These individuals have alerted crypto firms and helped to prevent further loss. However, experts remain skeptical about recovering the remaining assets due to North Korea’s advanced skills in laundering stolen funds.
Dr. Dorit Dor, a cybersecurity expert from Check Point, stated, “North Korea operates within a closed economy, where cybercrime has become an industry. They are unconcerned about reputational damage.” This suggests that the Lazarus Group’s activities may continue undeterred as the country’s government does not face significant external consequences.
Crypto Exchanges and Illicit Transactions
Not all cryptocurrency exchanges are cooperating in efforts to stop criminal activities. ByBit and other exchanges have accused the eXch exchange of enabling hackers to cash out more than $90 million in stolen funds. Johann Roberts, the owner of eXch, denied the accusations, claiming that the delay in blocking the funds was due to an ongoing dispute with ByBit. He argued that requiring customer identification undermines the cryptocurrency industry’s core principle of anonymity but claimed his exchange is now cooperating with authorities.
North Korea’s History of Crypto Heists
Although North Korea has never publicly acknowledged its connection to the Lazarus Group, the country is known for exploiting its cyber capabilities to fund its regime. Over the past several years, Lazarus has shifted focus from attacking banks to targeting cryptocurrency firms, which typically have weaker security measures.
Some of the most notable hacks linked to North Korea’s Lazarus Group include:
- The 2019 UpBit breach, in which $41 million was stolen
- The $275 million KuCoin hack, with most of the funds later recovered
- The 2022 Ronin Bridge attack, resulting in a $600 million theft
- The 2023 Atomic Wallet hack, which led to a $100 million loss
In 2020, the U.S. government added suspected Lazarus Group members to its Cyber Most Wanted list, but their chances of arrest remain slim unless they leave North Korea.
A Growing Threat in the Cryptocurrency Space
The Lazarus Group’s latest cryptocurrency heist highlights the growing threat of state-sponsored cybercrime. As North Korea continues to leverage its cyber expertise to fund its regime, global authorities face an uphill battle in tracking and recovering stolen assets. The ongoing efforts of cryptocurrency exchanges, blockchain analysts, and international governments are essential to combatting these sophisticated cybercriminal operations.
For more updates on this developing story, visit Financial Mirror.