Getty ImagesHackers thought to be working for the North Korean regime have successfully cashed out at least$ 300m ( £232m ) of their record-breaking$ 1.5bn crypto heist.
The criminals, known as Lazarus Group, swiped the huge haul of digital tokens in a hack on crypto exchange ByBit two weeks ago.
Since then, it’s been a cat-and-mouse activity to observe and prevent the hackers from effectively converting the blockchain into useful money.
Experts say the infamous hackers team is working almost 24 hours a day- probably funnelling the cash into the government’s defense development.
” Every tiny things for the thieves who are trying to deceive the money road and they are incredibly powerful in what they’re doing”, says Dr Tom Robinson, co-founder of crypto authorities Elliptic.
Out of all the legal players involved in crypto money, North Korea is the best at fraud bitcoin, Dr Robinson says.
” I imagine they have an overall area of people doing this using automated equipment and years of experience. We can also see from their task that they only take a few hours break each day, probably working in shifts to get the blockchain turned into cash”.
Elliptic’s study tallies with ByBit, which says that 20 % of the funds have then “gone dark”, meaning it is unlikely to ever be recovered.
The US and supporters accuse the North Koreans of carrying out lots of tricks in recent years to finance the government’s defense and nuclear growth.
On 21 February the crooks hacked one of ByBit’s manufacturers to quietly change the digital wallet handle that 401, 000 Ethereum blockchain coins were being sent to.
ByBit thought it was transferring the money to its own digital bag, but otherwise sent it all to the thieves.
Getty ImagesBen Zhou, the CEO of ByBit, assured buyers that none of their money had been taken.
The company has since replenished the stolen currencies with money from investors, but is in Zhou’s thoughts “waging battle on Lazarus”.
ByBit’s Lazarus Bounty program is encouraging members of the public to track the stolen money and find them frozen where feasible.
All crypto deals are displayed on a public bitcoin, so it’s possible to record the income as it’s moved around by the Lazarus Group.
If the hackers try to use a conventional crypto company to attempt to change the coins into ordinary funds like dollars, the crypto coins can remain frozen by the company if they think they are linked to crime.
So far 20 people have shared more than$ 4m in rewards for successfully identifying$ 40m of the stolen money and alerting crypto firms to block transfers.
But experts are downbeat about the chances of the rest of the funds being recoverable, given the North Korean expertise in hacking and laundering the money.
” North Korea is a very closed system and closed economy so they created a successful industry for hacking and laundering and they don’t care about the negative impression of cyber crime”, Dr Dorit Dor from cyber security company Check Point said.
Another problem is that not all crypto companies are as willing to help as others.
Crypto exchange eXch is being accused by ByBit and others of not stopping the criminals cashing out.
More than$ 90m has been successfully funnelled through this exchange.
But over email the elusive owner of eXch- Johann Roberts- disputed that.
He admits they didn’t initially stop the funds, as his company is in a long-running dispute with ByBit, and he says his team wasn’t sure the coins were definitely from the hack.
He says he is now co-operating, but argues that mainstream companies that identify crypto customers are abandoning the private and anonymous benefits of crypto currency.
FBINorth Korea has never admitted being behind the Lazarus Group, but is thought to be the only country in the world using its hacking powers for financial gain.
Previously the Lazarus Group hackers targeted banks, but have in the last five years specialised in attacking cryptocurrency companies.
The industry is less well protected with fewer mechanisms in place to stop them laundering the funds.
Recent hacks linked to North Korea include:
- The 2019 hack on UpBit for$ 41m
- The$ 275m theft of crypto from exchange KuCoin ( most of the funds were recovered )
- The 2022 Ronin Bridge attack which saw hackers make off with$ 600m in crypto
- Approximately$ 100m in crypto was stolen in an attack on Atomic Wallet in 2023
In 2020, the US added North Koreans accused of being part of the Lazarus Group to its Cyber Most Wanted list. But the chances of the individuals ever being arrested are extremely slim unless they leave their country.