North Korean Hackers Cash Out Hundreds of Millions from $1.5B ByBit Hack
North Korean state-sponsored hackers, known as the Lazarus Group, have successfully laundered at least $300 million from their record-breaking $1.5 billion hack on crypto exchange ByBit. According to blockchain security experts, the cybercriminals have been working around the clock to obscure the money trail, making recovery efforts increasingly difficult.
The ByBit Hack: A Sophisticated Crypto Heist
The attack took place on February 21, when Lazarus Group compromised one of ByBit’s suppliers to redirect 401,000 Ethereum tokens intended for ByBit’s digital wallet. The hackers altered the destination wallet address, tricking ByBit into transferring the funds directly to an address they controlled.
ByBit CEO Ben Zhou reassured customers that their funds remained safe, as the platform replenished the stolen assets using investor-backed loans. However, the exchange has since launched a full-scale response to track and freeze the stolen funds, including a bounty program encouraging the public to help identify suspicious transactions.
Laundering the Stolen Funds
Experts from blockchain analytics firm Elliptic report that 20% of the stolen funds—around $300 million—have already “gone dark,” meaning they are likely unrecoverable. Dr. Tom Robinson, Elliptic’s co-founder, noted that North Korea’s hackers are the most advanced in the world at laundering cryptocurrency.
"They are extremely sophisticated and work in shifts nearly 24 hours a day. Their goal is to confuse the money trail before authorities and crypto firms can act," Robinson explained.
The stolen crypto is being moved through decentralized exchanges and privacy mixers, which break the on-chain link between the original theft address and the final cash-out point and make tracing difficult. While some funds have been successfully frozen, a significant portion has already slipped through security nets.
Crypto Firms Divided on Blocking Stolen Funds
One of the biggest challenges in recovering stolen assets is cooperation from crypto exchanges. While many platforms actively track and block illicit transactions, others are accused of enabling cybercriminals.
For instance, ByBit has publicly criticized a crypto exchange called eXch for allegedly allowing Lazarus to cash out more than $90 million without intervention. Johann Roberts, eXch’s owner, denied these claims but admitted his exchange was slow to react due to a dispute with ByBit.
Roberts also argued that freezing transactions undermines the fundamental principles of crypto—privacy and decentralization. However, regulators and cybersecurity experts insist that without proper enforcement, exchanges risk becoming a safe haven for illicit activity.
North Korea’s Growing Crypto Hacking Empire
Lazarus Group has been responsible for some of the biggest crypto heists in history, using stolen funds to finance North Korea’s weapons programs. Their previous cyberattacks include:
2019: $41 million stolen from UpBit
2020: $275 million stolen from KuCoin (most funds recovered)
2022: $600 million Ronin Bridge hack
2023: $100 million stolen from Atomic Wallet
Despite international sanctions and North Korean hackers being placed on the U.S. Cyber Most Wanted list, experts believe these cybercriminals are unlikely to be arrested unless they leave the country.
Conclusion
The ByBit hack is another stark reminder of the vulnerabilities within the crypto industry. While blockchain transparency allows stolen funds to be tracked, the decentralized nature of the sector enables sophisticated laundering techniques.
As regulators and exchanges struggle to keep up with the growing threat of state-sponsored cybercrime, investors and crypto firms must remain vigilant. The ongoing war against Lazarus Group highlights the urgent need for stronger security measures and international cooperation to protect the future of digital finance.
Author
Surabh Yadav