
North Korean hackers cash out £300,000,000 after billion-pound crypto heist



North Korean hackers who orchestrated a billion-pound cryptocurrency heist have successfully cashed out over £232,000,000 of their loot.

The hackers, known as the Lazarus Group, pulled off the biggest heist in history during a raid on crypto exchange ByBit two weeks ago, which saw them plunder £1.1billion’s worth of digital currency Ethereum, the second most valuable cryptocurrency after Bitcoin.

Since then, law enforcement agencies have been engaged in an intense cat-and-mouse game with the hackers as they seek to reclaim the stolen cryptocurrency before it is converted into untraceable currency.

‘Every minute matters for the hackers who are trying to confuse the money trail and they are extremely sophisticated in what they’re doing,’ said Dr Tom Robinson, co-founder of crypto investigators Elliptic.

North Korea has a reputation for being among the best crypto launderers in the world, he added, and said the odds of tracking down the stolen assets were incredibly slim.

‘I imagine they have an entire room of people doing this using automated tools and years of experience,’ he told the BBC. ‘We can also see from their activity that they only take a few hours’ break each day, possibly working in shifts to get the crypto turned into cash.’


It is thought around 20% of the stolen crypto has already ‘gone dark’, meaning it is unlikely to ever be recovered.

Adam Pilton, senior cybersecurity consultant at CyberSmart, told Metro this cryptocurrency attack is the largest ‘by some significant margin’.

He added: ‘The closest attack in value was on the Ronin network, which fell victim to cyber criminals in March 2022 having $620million stolen. The third largest attack was against the Poly network in August 2021 in which they had $610million.


‘There is a common misconception that cryptocurrencies are anonymous and that’s not entirely true.

‘During my time as a cyber detective, I had to conduct cryptocurrency investigations to identify cyber criminals.

‘In one such case, I identified a dark web drug dealer through their online cryptocurrency transactions and their mistaken belief that they were 100% anonymous made my life in investigating their activities a lot easier.

‘But it’s not as simple as simply being able to look at a history of transactions and identifying those involved. There are many ways to muddy the waters and hide ownership of cryptocurrency transactions.’

ByBit CEO Ben Zhou has assured customers the rest of their funds are safe, and the company has replenished the stolen funds with loans from investors.

The company has since ‘declared war’ on Lazarus and announced a bounty programme to encourage people to track down and report the stolen crypto.

All crypto transactions are displayed publicly on a blockchain, which means it is technically possible to track the money as it is moved around by the Lazarus Group.

If the hackers try to convert the crypto into cash using conventional means, the stolen coins can be frozen and returned to their owner.


But due to North Korea’s closed economy, in which the vast majority of cash is funneled into the government, tracking down the transactions could be more difficult.

So far the initiative has paid out £4,000,000 in rewards to 20 individuals, although authorities are pessimistic about recovering the majority of the loot.

Oded Vanunu, Chief Technologist at cybersecurity firm Check Point Software, told Metro: ‘One of the key challenges in tracking and recovering stolen crypto is the fundamental nature of blockchain’s pseudonymity.


‘While transactions are recorded on-chain, the use of self-custodial wallets and advanced laundering techniques, such as mixing services (e.g., Tornado Cash) and cross-chain swaps, makes tracing the flow of illicit funds extremely difficult.

‘These tools obfuscate the origin and destination of stolen assets, allowing hackers to gradually cash out without raising red flags.

‘ByBit’s decision to place a bounty on the stolen funds is an interesting move, but the effectiveness of such an approach is uncertain.

‘In most cases, once funds have been sufficiently laundered and fragmented across multiple blockchains, their recovery becomes nearly impossible unless a major operational mistake is made by the attackers.’

The Lazarus Group has been linked to a series of high-profile crypto heists in recent years, including:

  • A $41m hack on UpBit in 2019
  • A $275m attack on KuCoin in 2020 (with most funds recovered)
  • The $600m Ronin Bridge hack in 2022
  • A $100m theft from Atomic Wallet in 2023

Despite mounting evidence suggesting otherwise, Pyongyang has consistently denied any association with the Lazarus Group.

In 2020, the US added North Koreans accused of being part of the group to its Cyber Most Wanted list. 

But the chances of the individuals ever being arrested are extremely slim unless they leave their country.
