North Korea’s Lazarus successfully cashes out $300 million from its $1.5 billion ByBit loot

“We are waging war on Lazarus,” Ben said, announcing a bounty program where people can earn rewards for helping track and freeze the stolen funds.

So far, 20 people have received a total of $4 million in rewards for helping recover $40 million of the stolen crypto. The strategy relies on the fact that all transactions are recorded on a public blockchain, making it possible to trace the movement of the stolen money. But the problem is that Lazarus is too good at laundering crypto.

Lazarus is using crypto exchanges to cash out stolen funds

While ByBit and other exchanges are actively freezing stolen funds, not all crypto companies are cooperating. One exchange, eXch, has been accused of allowing Lazarus to cash out more than $90 million. ByBit and other firms have called out Johann Roberts, the owner of eXch, for not acting fast enough to block the criminals.

Roberts, however, denies the accusations. Over email, he admitted that eXch did not initially freeze the stolen funds, claiming that his company was in a long-standing dispute with ByBit and wasnt sure the funds were from the hack.

He now says eXch is cooperating, but at the same time, he criticized the push for more regulation, arguing that it compromises the privacy and anonymity of crypto.

The U.S. and its allies blame North Korea for dozens of crypto hacks over the years, using stolen funds to support the countrys sanctions-hit economy.

Lazarus was previously focused on hacking banks, but in the last five years, crypto exchanges have become their primary target. Dr. Dorit Dor, a cybersecurity expert at Check Point, says North Korea has perfected the art of cybercrime.

“North Korea is a very closed system and closed economy, so they created a successful industry for hacking and laundering, and they dont care about the negative impression of cybercrime,” she said.

The ByBit hack is just the latest in a long list of Lazarus attacks, including the 2019 UpBit hack ($41 million stolen), the 2020 KuCoin hack ($275 million stolen, most recovered), the 2022 Ronin Bridge attack ($600 million stolen), and the 2023 Atomic Wallet breach ($100 million stolen)

The U.S. has added Lazarus members to its Cyber Most Wanted list, but the chances of anyone getting arrested are slim unless they leave North Korea.

Despite international sanctions and law enforcement tracking their every move, Lazarus is still pulling off some of the biggest heists in the world—and cashing out.