North Korean Hackers Pocket $300 Million from ByBit Crypto Heist

Hackers believed to be linked to the North Korean regime have reportedly pocketed at least $300 million from a massive $1.5 billion cryptocurrency heist. The attack, orchestrated by the notorious Lazarus Group, targeted a supplier of ByBit, a prominent cryptocurrency exchange platform. Through this breach, the hackers managed to alter digital wallet addresses, facilitating the theft of 401,000 Ethereum coins.

In the aftermath of the attack, approximately 20% of the stolen funds have "gone dark," implying that recovery is increasingly unlikely. The Lazarus Group has demonstrated exceptional skill in laundering these digital assets, successfully funneling over $90 million through the cryptocurrency exchange eXch.

The United States and its allies have long accused North Korea of orchestrating numerous cyber attacks to fund its military and nuclear ambitions. Over the past five years, the Lazarus Group has specialized in targeting cryptocurrency companies, after previously focusing their efforts on banks. Despite mounting evidence and accusations, North Korea has consistently denied any involvement with the group.

In 2020, the United States added several North Koreans believed to be part of the Lazarus Group to its Cyber Most Wanted list. The group's operations are said to be relentless, working nearly around the clock with the potential aim of supporting North Korea's military development. Experts suggest that the hackers employ automated tools and leverage years of accumulated expertise to execute their schemes effectively.

"I imagine they have an entire room of people doing this using automated tools and years of experience. We can also see from their activity that they only take a few hours break each day, possibly working in shifts to get the crypto turned into cash." – Elliptic's analysis

The Lazarus Group's actions underscore a broader trend where North Korea is perceived as the only nation utilizing hacking for direct financial gain. According to Dr. Dorit Dor from Check Point, a reputable cybersecurity firm, North Korea's closed economy has necessitated the development of a sophisticated hacking and laundering industry.

"North Korea is a very closed system and closed economy so they created a successful industry for hacking and laundering and they don't care about the negative impression of cyber crime," – Dr Dorit Dor from cyber security company Check Point

In response to this unprecedented heist, collaborative efforts among various stakeholders have led to over 20 individuals receiving more than $4 million in rewards. These rewards were distributed for successfully tracing $40 million of the stolen funds and alerting crypto firms to block further unauthorized transfers.

Dr. Tom Robinson, co-founder of crypto investigators Elliptic, emphasized the urgency with which these hackers operate.

"Every minute matters for the hackers who are trying to confuse the money trail and they are extremely sophisticated in what they're doing," – Dr Tom Robinson, co-founder of crypto investigators Elliptic
