The Lazarus Group, a hacking collective allegedly operating under the North Korean regime, has successfully laundered around $300 million of the $1.5 billion stolen in a recent cyberattack on crypto exchange ByBit. The heist took place two weeks ago, and since then, efforts to trace and block the conversion of the stolen crypto into usable cash have proved challenging.
Dr. Tom Robinson, co-founder of crypto analysis firm Elliptic, highlighted the relentless nature of the hackers’ operation. "Every minute matters for the hackers who are trying to confuse the money trail, and they are extremely sophisticated in what they're doing," he stated. Known globally for their expertise in laundering stolen cryptocurrency, North Korea's hacking team reportedly operates nearly 24/7, with systematic shifts and advanced techniques to obscure the origins of the funds.
As of now, Elliptic's findings coincide with ByBit's own assessments, indicating that about 20% of the hacked assets have "gone dark," making recovery highly unlikely. U.S. officials have accused North Korea of carrying out numerous cyber intrusions in recent years, primarily to fund its military programs and nuclear aspirations.
The incident involved a compromise of one of ByBit's suppliers, which resulted in roughly 401,000 ETH being redirected to attacker-controlled addresses without the exchange realising it at the time. Following the attack, ByBit CEO Ben Zhou assured customers that their assets remain secure and pointed to the firm's Lazarus Bounty program, which rewards members of the public who help trace and freeze the stolen funds.
So far, 20 individuals have received over $4 million in rewards for helping trace $40 million of the hacked assets. Nevertheless, experts voice skepticism about the prospects for recovery, given North Korea's sophisticated cyber capabilities. "North Korea has developed a robust system for hacking and laundering money without concern for its international reputation," remarked Dr. Dorit Dor from Check Point, a cybersecurity company.
An additional complication is perceived apathy within the broader crypto community. eXch, a crypto exchange accused of facilitating the flow of stolen funds, says it was initially unable to identify the assets as proceeds of the hack. Johann Roberts, the owner of eXch, has acknowledged that his company did not act preemptively, citing confusion over the coins' origins, though he has since pledged cooperation in freezing suspicious transactions.
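The dispute over whether an exchange could have spotted the stolen coins comes down to fund tracing: following the attacker's outputs forward across hops and measuring how much of a later deposit still derives from them. The following is an added illustration written for this article, not Elliptic's, ByBit's or eXch's tooling, and every address, amount and the seed set are constructed. It implements a proportional ("haircut") taint model over a small ledger in which part of the stolen balance is mixed with clean funds before reaching an exchange deposit address, and shows how a screener with a short lookback horizon loses the trail entirely.

```python
"""Forward taint tracing over a constructed transfer ledger (added example).

Names such as H1, M1, EX_DEP and all amounts are made up for illustration;
this is not real on-chain data and not any vendor's screening logic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    block: int     # ordering key: an address can only forward funds it has already received
    src: str
    dst: str
    amount: float  # ETH, constructed values


# Constructed ledger. H1 plays the attacker's known drain address. H1 splits into
# H2 and H3; H3 is mixed with clean funds at M1, which then deposits at exchange
# address EX_DEP; H2 deposits directly at EX_DEP2; EX_DEP3 only ever sees clean funds.
LEDGER = [
    Transfer(1, "H1", "H2", 60.0),
    Transfer(1, "H1", "H3", 40.0),
    Transfer(2, "CLEAN_A", "M1", 60.0),
    Transfer(3, "H3", "M1", 40.0),
    Transfer(4, "M1", "EX_DEP", 50.0),
    Transfer(5, "H2", "EX_DEP2", 60.0),
    Transfer(6, "CLEAN_B", "EX_DEP3", 10.0),
]
SEEDS = {"H1"}  # hypothetical: addresses already attributed to the attacker


def trace_taint(ledger, seeds, max_hops=None):
    """Proportional ('haircut') taint propagation.

    Returns {address: (tainted_fraction, hops)} where hops is the minimum number
    of transfers separating the address from a seed (None if no taint reached it).
    When an address forwards funds, the tainted share of the outgoing amount equals
    its current tainted fraction, so mixing with clean money dilutes the taint.
    If max_hops is set, taint is not delivered past that distance: this models a
    screener whose lookback horizon is shorter than the laundering chain.
    """
    balance = defaultdict(float)
    tainted = defaultdict(float)
    hops = {s: 0 for s in seeds}

    def fraction(addr):
        if addr in seeds:
            return 1.0
        return tainted[addr] / balance[addr] if balance[addr] > 0 else 0.0

    for t in sorted(ledger, key=lambda x: x.block):
        tainted_share = t.amount * fraction(t.src)
        src_hop = hops.get(t.src)
        next_hop = None if src_hop is None else src_hop + 1
        if t.src not in seeds:
            # Senders with no recorded inflow (CLEAN_A, CLEAN_B) are treated as
            # externally funded and simply never carry taint.
            tainted[t.src] = max(0.0, tainted[t.src] - tainted_share)
            balance[t.src] = max(0.0, balance[t.src] - t.amount)
        delivered = tainted_share
        if max_hops is not None and next_hop is not None and next_hop > max_hops:
            delivered = 0.0  # beyond the horizon the trail is lost to the screener
            next_hop = None
        balance[t.dst] += t.amount
        tainted[t.dst] += delivered
        if delivered > 0 and next_hop is not None:
            hops[t.dst] = min(hops.get(t.dst, next_hop), next_hop)

    addresses = set(balance) | set(seeds)
    return {a: (fraction(a), hops.get(a)) for a in addresses}


def screen_deposit(report, address, threshold=0.1):
    """Decision an exchange might take on an inbound deposit: hold above threshold."""
    frac, hop = report.get(address, (0.0, None))
    return ("hold" if frac >= threshold else "clear"), frac, hop


if __name__ == "__main__":
    full = trace_taint(LEDGER, SEEDS)
    short = trace_taint(LEDGER, SEEDS, max_hops=2)
    for addr in ("EX_DEP", "EX_DEP2", "EX_DEP3"):
        print(addr, "full horizon:", screen_deposit(full, addr),
              "| 2-hop horizon:", screen_deposit(short, addr))
```

With the full ledger, EX_DEP is 40% tainted three hops from the seed and EX_DEP2 is fully tainted at two hops, while EX_DEP3 is clean. With a two-hop horizon the same EX_DEP deposit screens as clean, which is the gap laundering chains are built to exploit: each extra hop and each mixing step pushes a deposit further below a screener's threshold or beyond its lookback.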
The Lazarus Group has made a name for itself through a series of high-profile cybercrimes targeting financial institutions and cryptocurrency platforms alike. Notable past thefts linked to the group include the hacks of UpBit, KuCoin, and the Ronin Bridge, which collectively netted hundreds of millions of dollars. Although the United States has placed key members of the group on its Cyber Most Wanted list, the likelihood of arrest remains low, particularly as the perpetrators continue to operate from within North Korea.