North Korean hackers cash out millions from $1.5 billion crypto heist
The infamous Lazarus Group, known for its sophisticated cyberattacks, orchestrated the heist by breaching crypto exchange ByBit just two weeks ago.

A group of cybercriminals, believed to be linked to the North Korean regime, has successfully converted at least $300 million from their record-breaking $1.5 billion cryptocurrency theft.
Since then, global investigators and cybersecurity experts have been in a high-stakes chase to track and freeze the stolen digital assets before they vanish into North Korea’s coffers—potentially funding the country’s military programs.
A Race Against Time
Dr. Tom Robinson, co-founder of crypto analytics firm Elliptic, describes the hackers as relentless and highly skilled. “They are working almost non-stop, using advanced tools and years of experience to obscure the money trail,” he explains. Analysts suspect the group operates in shifts, ensuring near-continuous movement of funds to avoid detection.
ByBit’s own investigation confirms that 20% of the stolen assets have now "gone dark", making recovery highly unlikely.
A Costly Mistake
The heist was executed through a supply chain attack on February 21, when Lazarus infiltrated one of ByBit’s service providers. The attackers secretly modified a wallet address, tricking ByBit into transferring 401,000 Ethereum (worth $1.5 billion) to the hackers’ wallets instead of its own.
ByBit’s CEO, Ben Zhou, has reassured customers that their funds remain secure, as the company covered the loss with emergency investor loans. However, ByBit has since launched the Lazarus Bounty Program, offering financial rewards to individuals who help trace and freeze the stolen funds.
So far, 20 bounty hunters have collectively earned over $4 million by identifying $40 million worth of illicit transactions, which crypto firms subsequently blocked.
Challenges in Stopping the Hackers
Despite efforts to recover the stolen funds, experts are skeptical about retrieving the remaining balance. North Korea has mastered crypto laundering techniques, making it nearly impossible to trace the money once it disappears into its underground financial networks.
Adding to the challenge, not all crypto platforms are cooperating. The exchange eXch, for instance, is accused of allowing hackers to launder over $90 million. Its owner, Johann Roberts, initially refused to block transactions, citing a business dispute with ByBit. He now claims to be cooperating but argues that increased regulation undermines cryptocurrency’s privacy benefits.
A Pattern of Cyber Heists
North Korea has long been accused of using cybercrime as a state-funded revenue stream. While the Lazarus Group previously targeted banks, it has shifted its focus to cryptocurrency firms, whose security protocols are weaker.
Despite mounting global pressure, North Korea denies involvement in Lazarus Group operations. The U.S. has placed key operatives on its Cyber Most Wanted list, but experts believe the likelihood of arrests is slim unless individuals attempt to leave the country.
With billions at stake, this cat-and-mouse game between hackers and investigators continues—raising serious concerns about cybersecurity, cryptocurrency regulations, and international security threats.