Hackers Linked to North Korea Launder $300 Million from Record $1.5 Billion ByBit Heist
ByBit acknowledges that nearly 20 per cent of the stolen funds
March 10, 2025 — Hackers connected to North Korea’s notorious Lazarus Group have successfully laundered at least $300 million from one of the largest cryptocurrency thefts in history, an attack on the prominent crypto exchange ByBit. The heist, which occurred two weeks ago, saw cybercriminals steal $1.5 billion in digital assets, a sum that has become a focal point in an ongoing global cybersecurity effort.
The Lazarus Group, which has been accused of using cyberattacks to fund North Korea’s military and nuclear ambitions, has been actively working to move the stolen funds beyond the reach of law enforcement. Despite efforts from investigators and cybersecurity firms to track and block the stolen assets, experts warn that the full recovery of the funds is unlikely.
Dr. Tom Robinson, co-founder of blockchain intelligence firm Elliptic, explained, “Every minute counts for these hackers, who are highly sophisticated in obfuscating the money trail. They operate with extreme efficiency, likely working in shifts, and use advanced automated tools to launder the funds.”
ByBit has confirmed that around 20% of the stolen funds, amounting to approximately $300 million, have already “gone dark,” making recovery increasingly difficult. In response, ByBit CEO Ben Zhou assured customers that the company is committed to securing their funds, having replenished the stolen amount through loans from investors. He also announced a “war on Lazarus,” launching a bounty program to incentivize individuals and firms to help track and freeze the stolen cryptocurrency.
So far, the initiative has resulted in rewards totaling $4 million, leading to the identification and blocking of $40 million worth of stolen assets. However, authorities remain pessimistic about recovering the majority of the loot.
The Lazarus Group has long been linked to several high-profile crypto heists, including the $41 million hack on UpBit in 2019, a $275 million attack on KuCoin in 2020 (with most funds later recovered), the $600 million Ronin Bridge hack in 2022, and a $100 million theft from Atomic Wallet in 2023. North Korea is believed to be using these cybercrimes to circumvent international sanctions and fund its weapons programs.
Dr. Dorit Dor of cybersecurity firm Check Point emphasized, “North Korea has effectively built a cybercriminal empire to fund its regime. They have no regard for the legal or reputational consequences of their actions.”
In addition to the Lazarus Group’s increasing skill in targeting cryptocurrency platforms, the issue is compounded by the complicity of some crypto exchanges. ByBit has accused the exchange eXch of facilitating the laundering of over $90 million worth of stolen funds through its platform. Johann Roberts, the elusive owner of eXch, initially resisted blocking the funds but later claimed his company is now cooperating with investigators.
Despite mounting evidence of North Korean involvement, Pyongyang has consistently denied any links to the Lazarus Group. The US government has placed several North Korean hackers on its Cyber Most Wanted list, but given the secretive nature of the regime, the likelihood of arrests remains remote.