- North Korean hackers launder $300M from ByBit’s $1.5B crypto heist.
- ByBit launches bounty program as investigators race to track stolen funds.
- Crypto exchange eXch accused of enabling Lazarus Group’s money laundering.
Hackers believed to be working for the North Korean regime have successfully laundered at least $300 million of the $1.5 billion stolen in a recent crypto heist. The cybercriminals, known as the Lazarus Group, breached the crypto exchange ByBit two weeks ago, siphoning digital assets in what is now considered one of the largest cryptocurrency thefts in history.
Since the attack, authorities and cybersecurity firms have been racing to track and freeze the stolen funds before they can be fully converted into usable cash. Experts warn that Lazarus Group is working around the clock, likely funneling the stolen money into North Korea’s military and nuclear programs.
EDITOR’S PICKS
- Lagos Assembly Crisis: ‘Obasa Lacks Integrity, Should Face EFCC’ – Rhodes-Vivour
- Suspended Lagos Assembly Clerk, Onafeko, Resumes Office After Court Reinstatement
- Israeli Forces Vow Not to Withdraw from Gaza-Egypt Border Despite Ceasefire Deal
“Every minute matters for these hackers,” says Dr. Tom Robinson, co-founder of crypto analytics firm Elliptic. “They are experts at laundering digital assets, using advanced tools and years of experience to obscure their tracks.”
According to Elliptic, about 20% of the stolen funds have now “gone dark”, meaning they are unlikely to be recovered.
The heist was carried out on February 21, when Lazarus Group infiltrated one of ByBit’s suppliers. The attackers secretly altered a digital wallet address, tricking ByBit into transferring 401,000 Ethereum tokens—worth over $1.5 billion—directly to the hackers instead of its own secure wallet.
ByBit CEO Ben Zhou has reassured customers that their funds remain safe, as the firm replenished the stolen assets with investor loans. However, he has declared “war on Lazarus”, launching a bounty program to track and freeze the stolen money.
Since all crypto transactions are recorded on public blockchains, ByBit is offering rewards to individuals who can trace the funds. So far, $40 million in stolen assets have been flagged, with participants earning $4 million in bounties.
However, cybersecurity experts remain skeptical about recovering the remaining funds, citing North Korea’s advanced laundering techniques and willingness to exploit cryptocurrency’s anonymity.
One major challenge in stopping Lazarus Group is the reluctance of some cryptocurrency exchanges to cooperate. ByBit has accused eXch, a lesser-known exchange, of allowing more than $90 million of stolen crypto to be cashed out.
FURTHER READING
- Impeached Speaker, Obasa Presides Over 4-Man Plenary
- Lagos Shuts Redeemed Church, Assemblies of God, Hotels, Others Over Pollution (PHOTOS)
- FG Plans Electricity Tariff Hike for Non-Band-A Customers
Johann Roberts, the elusive owner of eXch, initially defended his platform’s inaction, citing a dispute with ByBit and uncertainty over whether the funds were from the hack. However, he now claims to be cooperating with efforts to freeze the assets.
Roberts also criticised mainstream crypto firms for abandoning the “private and anonymous” principles of cryptocurrency by complying with authorities.
While North Korea has never officially acknowledged Lazarus Group, experts widely believe it to be a state-run hacking unit, uniquely using cybercrime as a national revenue source. Previously, the group targeted banks, but over the past five years, it has focused on cryptocurrency exchanges due to weaker security measures.
Notable Lazarus-linked heists include:
- 2019: $41 million stolen from UpBit
- 2020: $275 million stolen from KuCoin (most funds later recovered)
- 2022: $600 million stolen in the Ronin Bridge attack
- 2023: $100 million stolen from Atomic Wallet
The U.S. has added Lazarus Group members to its Cyber Most Wanted list, but their chances of being arrested remain slim unless they travel outside North Korea.
