North Korean hackers behind largest ever financial theft

The Pyongyang-backed Lazarus Group is believed by experts to have stolen $1.5 billion from a cryptocurrency exchange.


The largest known financial heist in history has been perpetrated by a North Korean state-backed hacker group, according to experts.

The heist against Dubai-based Bybit – which claims to be the world’s second-largest cryptocurrency exchange by volume – took place on Feb. 21, when $1.5 billion was stolen.

Several crypto security research firms have now attributed the attack to Lazarus Group, a well-known hacking group that has been involved in other high-profile attacks dating back over a decade, including thefts from banks across the world and a hack of Sony Entertainment in 2014.

Lazarus, which works under North Korea’s Reconnaissance General Bureau, now primarily targets virtual asset exchanges and financial institutions, using the stolen funds to develop missiles and as a means of raising foreign currency for the North Korean regime.

The cyber attacks have prompted a series of indictments, sanctions and warnings from the United States, South Korea and other countries.

North Korea has never acknowledged a connection to Lazarus.

The FBI public announcement on Feb. 26, 2025, advises that North Korea was responsible for the theft of approximately $1.5 billion in virtual assets from cryptocurrency exchange Bybit.

Various factors, including an analysis of how the stolen assets were being laundered, point to North Korea, according to Elliptic, a U.K.-based cryptocurrency security research firm.

That assessment was backed by the FBI, which referred to the hack as “TraderTraitor” in a public service announcement on Wednesday.

The stolen $1.5 billion is approximately $160 million more than the total amount stolen by North Korea in cryptocurrency hacks last year, according to research firm TRM Labs.

Laundering efforts

The FBI asked that exchanges and other entities block transactions from a list of blockchain addresses that TraderTraitor actors have been using to launder the stolen cryptocurrency. A blockchain is an online public ledger where cryptocurrency transactions are recorded.

Bybit has offered a financial reward to anyone who reports an attempt to launder the assets.

“We are taking a stand to ensure that every transaction is visible and every hacker is held accountable,” he said. “Our multi-pronged offensive is a clear message: if you steal, you will be found, and justice will be swift.”



Investigators can now quickly track crypto transactions, according to Andrew Fierman, head of national security intelligence at cryptocurrency analysis and security company Chainalysis.

Chainalysis has so far helped freeze over $40 million of the stolen funds, while Elliptic has assisted in freezing $243,000, both firms said.

“Industry-wide improvements in compliance make it harder for bad actors to cash out,” Fierman told Radio Free Asia.

“What’s remarkable about crypto is that the eyes of the ecosystem are on the funds as they move through the blockchain,” he said. “This level of visibility wouldn’t be possible in traditional financial markets.”

Even so, the hackers have been able to launder more than $400 million through various digital assets, according to Ari Redbord of TRM Labs.

The laundering process includes transfers through intermediary wallets, conversion into different cryptocurrencies and the use of decentralized exchanges, he told RFA.

Edited by Matt Reed and Boer Deng.