In an astonishing cyber heist, North Korean hackers, identified as the Lazarus Group, have successfully laundered at least $300 million of their record-breaking $1.5 billion theft from cryptocurrency exchange ByBit. This high-profile hacking incident occurred just two weeks ago, and experts have underscored the complexities of tracing the funds.
The Lazarus Group is notorious for its relentless attacks. Dr. Tom Robinson, co-founder of the crypto investigation firm Elliptic, stated that the hackers appear to be operating almost continuously, using advanced techniques to obscure the money trail. "Every minute matters for the hackers, and they exhibit extreme sophistication in their methods," said Dr. Robinson, who emphasized that North Korea is unparalleled when it comes to laundering cryptocurrency.
According to Elliptic's investigations, ByBit has confirmed that 20% of the stolen funds are now "dark," suggesting they may never be recovered. The recent hack involved manipulating one of ByBit's suppliers to redirect a massive transfer of 401,000 Ethereum coins to the hackers' digital wallets, while ByBit believed it was merely transferring funds internally.
ByBit's CEO, Ben Zhou, has publicly reassured customers that their funds remain secure and has initiated a bounty program aimed at tracking and freezing the stolen assets. With the transparency of blockchain technology, tracking the hackers' movements is feasible, especially if they attempt to convert their gains into traditional currency. "So far, 20 individuals have earned over $4 million in rewards by successfully identifying $40 million of the stolen funds," Zhou announced.
Despite the collaborative efforts, experts are cautious about the prospects of recovering the remaining funds, attributing North Korea's success to a well-established culture of cyber crime. "This closed economy has fostered a thriving environment for hacking and laundering without regard for the negative image it casts," noted Dr. Dorit Dor, a cybersecurity specialist.
Compounding the challenge is the fact that not all cryptocurrency exchanges are cooperative. ByBit has accused the exchange eXch of facilitating the laundering process, claiming that over $90 million was funneled through its platform. Johann Roberts, the owner of eXch, acknowledged the ongoing dispute with ByBit and eXch's initial hesitance to block the funds, asserting he is now complying with the investigation.
While North Korea has never officially admitted involvement with the Lazarus Group, it is the only nation reportedly exploiting its cyber capabilities for financial gain. In recent years, the group shifted focus from bank hacking to targeting cryptocurrency companies, which are often less fortified against such attacks. Their notable hacks include the $41 million breach at UpBit in 2019, a $275 million theft from KuCoin, and a staggering $600 million taken from the Ronin Bridge in 2022.
Despite attempts by the US to address the situation, including adding members of the Lazarus Group to its Cyber Most Wanted list in 2020, the likelihood of apprehending these hackers remains exceptionally low unless they travel outside North Korea. The intersection of cyber crime and geopolitical tensions continues to present formidable challenges for international authorities.