Hackers thought to be working for the North Korean regime have successfully cashed out at least $300m of their record-breaking $1.5bn crypto heist.
The criminals, known as Lazarus Group, swiped the huge haul of digital tokens in a hack on crypto exchange ByBit two weeks ago.
Since then, it’s been a cat-and-mouse game to track and block the hackers from successfully converting the crypto into usable cash. Experts say the infamous hacking team is working nearly 24 hours a day—potentially funneling the money into the regime’s military development.
North Korea hackers cash crypto
Crypto investigators Elliptic told the BBC that 20 percent of the funds have now “gone dark,” meaning it is unlikely to ever be recovered.
The US and its allies accuse the North Koreans of carrying out dozens of hacks in recent years to fund the regime’s military and nuclear development.
On 21 February the criminals hacked one of ByBit’s suppliers to secretly alter the digital wallet address that 401,000 Ethereum crypto coins were being sent to. ByBit thought it was transferring the funds to its own digital wallet, but instead sent it all to the hackers.
Ben Zhou, the CEO of ByBit, assured customers that none of their funds had been taken.
The firm has since replenished the stolen coins with loans from investors, but is in Zhou’s words “waging war on Lazarus.”
So far 20 people have shared more than $4m in rewards for successfully identifying $40m of the stolen money and alerting crypto firms to block transfers.
However, experts are downbeat about the chances of the rest of the funds being recoverable, given the North Korean expertise in hacking and laundering the money.
Crypto hackers: The Lazarus Group
Another problem is that not all crypto companies are as willing to help as others. Crypto exchange eXch is being accused by ByBit and others of not stopping criminals from cashing out.
More than $90m has been successfully funneled through this exchange. But the BBC reports that the owner of eXch—Johann Roberts—disputed that via email.
He admits they didn’t initially stop the funds, as his company is in a long-running dispute with ByBit, and he says his team wasn’t sure the coins were definitely from the hack.
He says he is now cooperating, but argues that mainstream companies that identify crypto customers are betraying the private and anonymous benefits of cryptocurrency.
AFP reports that the Lazarus Group gained notoriety a decade ago when it was accused of hacking into Sony Pictures as revenge for “The Interview,” a film that mocked North Korean leader Kim Jong Un.
It was also allegedly behind the 2022 $620 million heist of Ethereum and USD Coin from the Ronin Network in 2022, previously the biggest crypto theft in history.
Related: North Korea Breaks Blockchain, Bitcoin in Chaos