Lazarus Group Launders Millions from Record-Breaking ByBit Hack

North Korean hackers, known as the Lazarus Group, have managed to cash out $300 million from the staggering $1.5 billion ByBit hack, marking one of the largest crypto heists ever recorded. The breach, which took place two weeks ago, involved the theft of 401,000 Ethereum (ETH) from the ByBit crypto exchange. Experts now confirm that 20% of the stolen funds have already disappeared into untraceable channels, making recovery highly unlikely.
Since the attack, cybersecurity teams and blockchain analysts have been in a race to track and block the stolen crypto funds before they are converted into traditional currency. However, the North Korean hackers have refined their techniques, making it difficult to stop them from laundering the stolen cryptocurrency.
According to Dr. Tom Robinson, co-founder of crypto security firm Elliptic, the Lazarus Group is working non-stop to cover its tracks.
“Every minute matters for the hackers who are trying to confuse the money trail, and they are extremely sophisticated in what they’re doing.”
North Korea has become highly effective at laundering cryptocurrency, using automation and years of experience to move funds without detection. Analysts believe much of this money is being funneled into the country’s military and nuclear programs.
How the ByBit Hack Happened
On February 21, the hackers infiltrated a supplier of ByBit and secretly altered the digital wallet address to which 401,000 Ethereum was being transferred. ByBit unknowingly sent the funds straight to the hackers, believing it was a routine internal transfer.
ByBit CEO Ben Zhou reassured users that no customer funds were compromised, as the company covered the losses using loans from investors.
ByBit launched the Lazarus Bounty Program, calling on blockchain analysts and the public to trace the stolen funds and help freeze them. So far, 20 people have received more than $4 million for identifying and blocking $40 million of stolen funds.
Despite these efforts, cybersecurity specialists warn that retrieving the remaining funds will be difficult due to the hackers’ expertise in laundering money.
Why Recovering the Stolen Crypto is a Challenge
One major hurdle in tracking the stolen funds is that not all crypto exchanges are willing to cooperate. A platform called eXch has been accused of allowing over $90 million in stolen cryptocurrency to be withdrawn. The owner of eXch, Johann Roberts, initially refused to block the transactions, citing a long-standing dispute with ByBit. He later claimed to be cooperating but argued that strict crypto regulations take away the privacy that cryptocurrency was meant to provide.
North Korea’s Track Record of Crypto Heists
Although North Korea has never publicly acknowledged its connection to Lazarus Group, intelligence reports suggest it is the only country systematically using hacking as a source of revenue. Over the years, North Korean hackers have shifted focus from attacking banks to targeting crypto exchanges, which often have weaker security and fewer anti-money laundering safeguards.
Notable Crypto Heists Linked to North Korea:
- 2019: UpBit hack – $41 million stolen
- 2020: KuCoin hack – $275 million stolen (most funds recovered)
- 2022: Ronin Bridge hack – $600 million stolen
- 2023: Atomic Wallet hack – $100 million stolen
In 2020, the FBI placed North Korean hackers, including Park Jin Hyok, on its Cyber Most Wanted list. However, given the isolation of North Korea, the possibility of arrests remains slim.
What This Means for Crypto Security
The ByBit hack is a stark reminder of how vulnerable crypto exchanges remain to cyber threats. With $300 million already laundered and $1.5 billion stolen, the industry must strengthen its security protocols to prevent similar attacks.
Efforts like the ByBit Lazarus Bounty Program have had some success, but without stricter regulatory enforcement and better fraud detection systems, hackers will continue to exploit security gaps in cryptocurrency platforms for financial gain.