The Lazarus Group has successfully moved 20% of the stolen $1.5 billion, evading recovery efforts.
Lazarus Group Moves Stolen Crypto
North Korean hacking group Lazarus has laundered at least $300 million from the $1.5 billion ByBit hack, making it increasingly difficult to recover the stolen funds. The cybercriminals exploited a vulnerability in a ByBit supplier on February 21, rerouting 401,000 Ethereum tokens to their own wallets instead of the exchange’s intended destination.
Crypto Laundering at an Unprecedented Scale
Blockchain security experts say Lazarus is operating nearly 24 hours a day, using sophisticated tools to obscure the money trail. “Every minute matters for the hackers who are trying to confuse the money trail,” said Dr. Tom Robinson, co-founder of crypto analytics firm Elliptic. Analysts believe these stolen funds may be funneled into North Korea’s military and nuclear programs.
Tracking the Funds: A Race Against Time
ByBit has launched a bounty program offering rewards to those who help trace and freeze the stolen funds. So far, 20 participants have received over $4 million for identifying $40 million in illicit transactions. However, experts warn that most of the funds are likely unrecoverable, given North Korea’s experience in crypto laundering.
Exchanges Under Scrutiny for Enabling Laundering
Certain crypto exchanges, including eXch, have been accused of allowing Lazarus to cash out stolen funds. Over $90 million has reportedly been funneled through eXch, prompting criticism from ByBit and industry watchdogs. While the exchange’s owner initially denied wrongdoing, he later claimed to be cooperating with authorities.
North Korea’s Expanding Cybercrime Operations
Lazarus Group has shifted from targeting traditional banks to cryptocurrency exchanges, capitalizing on weaker security measures. Previous hacks attributed to North Korea include:
- $41 million stolen from UpBit in 2019
- $275 million taken from KuCoin in 2020 (partially recovered)
- The $600 million Ronin Bridge attack in 2022
- $100 million stolen from Atomic Wallet in 2023
The U.S. has designated Lazarus Group members as cybercriminals, but extradition remains unlikely due to North Korea’s isolation.