North Korean hackers are cashing out after world’s biggest crypto heist, experts warn


Hackers linked to North Korea’s infamous Lazarus group have reportedly cashed out hundreds of millions of dollars from the $1.46bn (£1.16bn) they stole last month in the world’s biggest-ever crypto heist.

Investigators – including British blockchain analytics firm Elliptic – tracking the stolen funds say about 20 per cent of the $1.46bn-worth of digital currency has now “gone dark”, meaning it has already been laundered and is unlikely to be recovered.

The digital currency was stolen from the Dubai-based crypto exchange ByBit on 21 February.

The FBI confirmed the heist, saying North Korea was responsible. It warned that the hackers are “proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains.”

“It is expected these assets will be further laundered and eventually converted to fiat currency,” the FBI said.

Initial reports found that malware was used to trick the exchange into approving transactions to wallets owned by hackers.

Within minutes, the stolen funds were funnelled across the internet to other crypto exchanges and anonymous wallets, completing the biggest heist in history.

Soldier stands at a North Korean military guard post flying a national flag, seen from Paju, South Korea (AP)

Tracking the assets as they were laundered in real time, investigators spotted patterns that pointed to one of the world’s most notorious hacking outfits – the Lazarus Group – backed by North Korea.

They say the hackers are carrying out a sophisticated operation to move the stolen funds around, using automated tools and working in shifts around the clock to convert the stolen digital currency into cash.

“North Korea has developed a powerful and sophisticated capability to not only breach target organisations and steal cryptoassets, but also to launder these proceeds through thousands of blockchain transactions,” Elliptic warned in a blog post.

Experts caution that the heist could be part of a broader strategy by the North Korean regime to generate revenue from cybercrime, with the $1.46bn stolen nearly equalling Pyongyang’s annual defence budget.


As part of their modus operandi, Lazarus hackers first exchange stolen crypto tokens for a “native” blockchain asset such as Ether.

“This is because tokens have issuers who in some cases can ‘freeze’ wallets containing stolen assets, whereas there is no central party who can freeze Ether or Bitcoin,” Elliptic explained.

“This is exactly what happened in the minutes following the Bybit theft, with hundreds of millions of dollars in stolen tokens such as stETH and cmETH exchanged for Ether,” the firm noted.

The stolen funds are then sent through a series of crypto wallets to conceal and complicate the transaction trail, which then gives the hackers valuable time to cash out the assets.

“Within two hours of the theft, the stolen funds were sent to 50 different wallets, each holding approximately 10,000 ETH. These wallets were then emptied one by one over the next nine days,” Elliptic said.

The firm says businesses are being alerted by its software if they receive proceeds from this theft. “This has already directly led to the seizure of some of the funds stolen from Bybit,” the firm said.
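The kind of screening described above – flagging a deposit if its funds trace back, within a few hops, to a known theft address, and spotting the equal-size fan-out into intermediary wallets – can be sketched as a small taint-propagation check over a transfer graph. This is an added illustration, not Elliptic’s software or any real chain data; every address name and amount below is constructed, and the “theft_wallet” seed, hop count and tolerance are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample transfers (from_addr, to_addr, amount_eth); not real chain data.
# Models the pattern reported: a theft address fans funds out into equal-size
# intermediary wallets, which are later drained toward exchange deposit addresses.
SAMPLE_TRANSFERS = [
    ("theft_wallet", "hop_a", 10_000),
    ("theft_wallet", "hop_b", 10_000),
    ("theft_wallet", "hop_c", 10_000),
    ("hop_a", "hop_a2", 9_950),
    ("hop_a2", "exchange_deposit_1", 9_900),
    ("hop_b", "mixer_like_1", 10_000),
    ("clean_user", "exchange_deposit_2", 5),        # unrelated customer deposit
    ("hop_c", "exchange_deposit_2", 10_000),
]

def build_graph(transfers):
    """Adjacency list: sender -> [(receiver, amount), ...]."""
    g = defaultdict(list)
    for src, dst, amt in transfers:
        g[src].append((dst, amt))
    return g

def tainted_addresses(transfers, seeds, max_hops=4):
    """Return {address: hops_from_seed} for every address reachable from a
    flagged seed address within max_hops transfers (breadth-first search)."""
    g = build_graph(transfers)
    dist = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        cur = queue.popleft()
        if dist[cur] >= max_hops:
            continue
        for nxt, _ in g[cur]:
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist

def screen_deposit(transfers, seeds, deposit_addr, max_hops=4):
    """List inbound transfers to deposit_addr whose sender is tainted,
    as (sender, amount, hops_from_seed). Empty list means no exposure found."""
    taint = tainted_addresses(transfers, seeds, max_hops)
    return [(src, amt, taint[src]) for src, dst, amt in transfers
            if dst == deposit_addr and src in taint]

def fan_out_pattern(transfers, src, min_outputs=3, tolerance=0.05):
    """True if src sends at least min_outputs transfers of near-equal size,
    the splitting pattern described in the article."""
    amounts = [amt for s, _, amt in transfers if s == src]
    if len(amounts) < min_outputs:
        return False
    mean = sum(amounts) / len(amounts)
    return all(abs(a - mean) <= tolerance * mean for a in amounts)
```

Lowering max_hops makes the check stricter: a deposit three hops out is only flagged if the screening depth reaches it, which is why the reported one-by-one emptying of wallets over days is meant to stretch the trail.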

Source: https://www.independent.co.uk/tech/north-korea-crypto-heist-laundering-b2712114.html