North Korea Laundered $300m in Crypto Heist

North Korean hackers, believed to be part of the Lazarus Group, have successfully laundered at least $300m of the $1.5bn stolen from crypto exchange ByBit in a February hack, using automated tools and experience to convert the funds into unrecoverable cash.

The hackers have been working to move the stolen assets beyond law enforcement reach, and ByBit has acknowledged that nearly 20% of the stolen funds, around $300 million, have already been "gone dark", making recovery highly unlikely. The company has replenished the stolen amount through loans from investors and has launched a bounty program to incentivize individuals to track and freeze the stolen crypto.

The US and allies accuse North Korea of using hacking to fund military and nuclear development, and the country has stolen over $5 billion from the crypto sector since 2017. The latest haul being up to $1.5 billion from the Bybit exploit. North Korea uses a network of over-the-counter (OTC) brokers to launder its stolen funds, which are monitored by US agencies in conjunction with Japan and South Korea.

The country's money laundering network is overwhelmed by the sheer volume of funds, with an average of $51 million per month needing to be off-ramped. As a result, funds sit in wallets for long periods, and North Korea is unable to off-ramp them quickly. The Bybit hack's stolen ETH has been bridged to Bitcoin via THORswap and is being fed through mixers like Wasabi and CryptoMixer, which may not be able to absorb the amount of money at play.

The incident highlights the significant challenges faced by authorities in tracking and retrieving stolen cryptocurrency, and the need for increased cooperation between crypto companies and law enforcement agencies to prevent such incidents in the future. The US government has placed several North Korean hackers on its Cyber Most Wanted list, and the Lazarus Group has been linked to several high-profile crypto heists in recent years.