At least $300 million (£232 million) has been successfully extracted from the record-breaking $1.5 billion North Korean cryptocurrency robbery by hackers thought to be affiliated with the North Korean government. In a hack of the cryptocurrency exchange ByBit two weeks ago, the notorious hacker collective Lazarus was able to take control of a significant quantity of digital tokens.
By breaking into one of ByBit’s suppliers, the hackers were able to surreptitiously change the digital wallet address to which 401,000 units of the Ethereum cryptocurrency were being sent. ByBit therefore unknowingly transferred the funds to the hackers rather than to its own wallet. Ben Zhou, the CEO of ByBit, has reassured clients that their money was unaffected by the heist. With investor loans, the company has since replaced the stolen coins and promised to wage war on Lazarus.
This attack fits with a larger pattern of cybercrime supported by North Korea, which has become more sophisticated and larger in recent years. Given North Korea’s isolation and stringent international sanctions, experts believe that these actions are intended to finance the country’s military and nuclear projects.
Why Is It So Difficult to Stop Hackers?
Experts from all over the world have been working nonstop since the theft to find the hackers and prevent them from turning the stolen cryptocurrency into real money. But according to experts, the Lazarus Group is working virtually nonstop to transfer the money and obfuscate the money trail.
“The hackers who are trying to muddle the money trail are very skilled at what they do, and every minute counts,” says Dr. Tom Robinson, co-founder of the crypto investigative company Elliptic. “They probably have a whole room full of people doing this, with automated tools and years of experience,” he continues. Their activity indicates that they only take a few hours off per day, and they may work in shifts to convert the cryptocurrency into cash.
About 20% of the stolen money has already “gone dark,” which means it is unlikely that it will ever be retrieved, according to ByBit. Because of this, North Korean cryptocurrency theft is among the hardest cybercrimes to track down and recover.
According to cybersecurity experts, hackers have been honing their methods for years. To conceal their actions, they employ a combination of automated bots, advanced money laundering strategies, and anonymous cryptocurrency wallets. Since crypto-based thefts don’t depend on banks or centralized systems like traditional financial crimes do, they are much more difficult to trace.
How Is Stolen Crypto Laundered?
Most people agree that North Korea is the most sophisticated country when it comes to laundering cryptocurrency that has been stolen. According to cybersecurity specialists, the money is probably going toward the nation’s nuclear and military development initiatives.
According to Dr. Dorit Dor of the cybersecurity firm Check Point, “North Korea has established a lucrative hacking and money laundering industry because of their extremely closed system and economy, and they don’t care about the negative impression of cybercrime.”
Since every Bitcoin transaction is recorded on a public blockchain, it is feasible to follow the stolen funds as they pass through several wallets. If the hackers try to convert the digital tokens into fiat money through a well-known cryptocurrency exchange, that exchange may freeze the funds if it believes they are connected to illegal activity.
The Lazarus Group is renowned for its capacity to elude these initiatives, nevertheless. They frequently employ over-the-counter (OTC) trading desks, mixers, and decentralized exchanges that don’t require identity verification. By using these techniques, they can disrupt the chain of transactions and obscure the source of the pilfered money.
ByBit’s “Lazarus Bounty” initiative asks the public to assist in tracking down and blocking the stolen funds. More than $4 million has been awarded to 20 individuals so far for locating and disclosing $40 million in stolen money. Crypto companies and authorities are working harder to improve security procedures in response to the North Korean crypto robbery.
Can you tell which cryptocurrency exchanges are assisting and which are not?
Some Bitcoin exchanges have been less cooperative, but others are aggressively trying to freeze the stolen money. ByBit and others have accused cryptocurrency exchange eXch of enabling the thieves to withdraw more than $90 million.
The mysterious owner of eXch, Johann Roberts, acknowledges that his business did not originally restrict the funds. He says this was because there was still a disagreement with ByBit, and it was unclear if the coins were indeed connected to the breach. Although he now maintains that his business is collaborating, he contends that prominent cryptocurrency companies that need tight user identification are forsaking the anonymity and privacy advantages of cryptocurrencies.
Regulators are putting more pressure on cryptocurrency exchanges to adhere to more stringent compliance standards. While some experts fear the possible loss of privacy and decentralization within the business, others contend that these restrictions are essential to avert future events such as the North Korean crypto theft.
Is North Korea the Only Nation to Hack for Profit?
Although cyber espionage is practiced by many nations, North Korea is thought to be the only country that uses hacking as its main source of income. Since bitcoin exchanges are frequently less secure and have weaker anti-money laundering procedures, the Lazarus Group has shifted its attention from attacking banks.
Over the past five years, the group has been linked to several major cyber heists, including:
- The 2019 hack on UpBit, which resulted in a $41 million theft.
- The $275 million theft from crypto exchange KuCoin in 2020 (most funds were recovered).
- The 2022 Ronin Bridge attack, in which hackers stole $600 million in cryptocurrency.
- The 2023 attack on Atomic Wallet, resulting in $100 million in stolen crypto.
These examples demonstrate how the Lazarus Group has refined its techniques, making them harder to identify and stop. Many of these attacks share a pattern: the hackers exploit flaws in digital wallets or in third-party providers connected to exchanges.
Several North Koreans suspected of belonging to the Lazarus Group were added to the US Cyber Most Wanted list in 2020. But until they flee North Korea, these people have little prospect of being apprehended.
How Can Crypto Heists Be Avoided in the Future?
The security of the cryptocurrency business has come under scrutiny once more as a result of the North Korean crypto robbery. Blockchain technology offers transparency, but it also poses serious problems in terms of stopping cybercrime.
Stronger security procedures, such as multi-signature wallets, more stringent identity verification, and real-time transaction monitoring, are recommended by experts for cryptocurrency exchanges. Furthermore, better tracking and recovery of stolen assets require greater cooperation between public and private entities.
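The two lessons of this incident, that the supplier's interface is not the source of truth for a transfer and that a multi-signature wallet only helps if each signer checks independently, can be expressed as a small approval check. This is an added illustration, not code from ByBit or from the article; the wallet addresses, the 10,000 ETH threshold and the simplified transaction dictionary are constructed placeholders.

```python
from typing import Dict, List, Tuple

# Constructed allow-list of destinations the exchange itself controls (placeholder addresses).
TRUSTED_DESTINATIONS: Dict[str, str] = {
    "0x1111111111111111111111111111111111111111": "cold-wallet-1",
    "0x2222222222222222222222222222222222222222": "hot-wallet-1",
}
# Hypothetical threshold above which a transfer needs every signer, not just a quorum.
LARGE_TRANSFER_WEI = 10_000 * 10**18


def check_transfer(displayed_to: str, raw_tx: dict) -> List[str]:
    """Return the reasons a signer must refuse; an empty list means it is safe to sign.
    The raw payload that will actually be signed, not what the supplier's UI shows,
    decides where the funds go, so the two are compared explicitly."""
    findings: List[str] = []
    actual_to = raw_tx.get("to", "").lower()
    if actual_to != displayed_to.lower():
        findings.append(f"destination mismatch: UI shows {displayed_to}, payload sends to {actual_to}")
    if actual_to not in TRUSTED_DESTINATIONS:
        findings.append(f"destination {actual_to} is not an allow-listed exchange wallet")
    if raw_tx.get("data", "0x") != "0x":
        findings.append("payload carries calldata; a plain transfer should have none")
    return findings


def collect_approvals(raw_tx: dict, signer_views: Dict[str, str],
                      threshold: int) -> Tuple[bool, Dict[str, List[str]]]:
    """Simulate an N-of-M multi-signature wallet in which every signer re-checks the
    raw payload against the destination their own interface displayed to them.
    Returns (approved, refusals-by-signer)."""
    refusals: Dict[str, List[str]] = {}
    signatures = 0
    for signer, displayed_to in signer_views.items():
        findings = check_transfer(displayed_to, raw_tx)
        if findings:
            refusals[signer] = findings
        else:
            signatures += 1
    # Real-time monitoring rule: very large transfers require unanimity.
    required = len(signer_views) if raw_tx.get("value", 0) >= LARGE_TRANSFER_WEI else threshold
    return signatures >= required, refusals


if __name__ == "__main__":
    cold = "0x1111111111111111111111111111111111111111"
    views = {"alice": cold, "bob": cold, "carol": cold}
    # Constructed case: every UI shows the cold wallet, but the payload goes elsewhere.
    swapped = {"to": "0x9999999999999999999999999999999999999999", "value": 5 * 10**18, "data": "0x"}
    print(collect_approvals(swapped, views, threshold=2))
```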
Experts caution that the North Korean crypto theft won’t be the last unless the sector drastically strengthens its security protocols as the fight against cybercrime heats up. North Korean hackers will keep using illegal cyber operations to take advantage of weaknesses and finance the regime’s goals.
Ultimately, a worldwide effort is needed to counter these threats. Exchanges, security companies, and regulatory agencies must collaborate to create solutions that safeguard users while upholding the fundamentals of decentralized finance. North Korean cybercriminals will continue to be a significant player in the field of cybercrime until that time.