North Korean hackers steal record $1.5 billion in single crypto hack, security firm says

North Korean hackers have stolen $1.5 billion in cryptocurrency in a single heist, making it the largest crypto hack on record, security experts told CNN.

The hack hit Bybit, which describes itself as the world’s second-largest cryptocurrency exchange, with over 40 million users.

In a matter of minutes on Friday, the hackers stole a significant portion of North Korea’s reported annual gross domestic product. And over the weekend, the hackers were already laundering about $160 million of the stolen loot through a series of accounts connected to North Korean operatives, according to crypto-tracing firm TRM Labs. In a single hack, the North Koreans have nearly doubled what they stole in crypto last year, the firm said.

It’s an early test for how the Trump administration will address the steep challenge of trying to prevent North Korea from funding its nuclear and missile programs through hacking.

“We’ve never seen anything on this scale before. The ability of these illicit financial networks to absorb such huge amounts of money so quickly is deeply concerning,” said Nick Carlsen, a former FBI intelligence analyst focused on North Korea who now works at TRM Labs.

North Korea’s formidable hacking corps is an essential source of revenue for the nuclear-armed, sanctions-battered dictatorship, according to current and former US and South Korean officials.

North Korean hackers have stolen billions of dollars from banks and cryptocurrency firms in the last several years, according to reports from the United Nations and private firms. About half of North Korea’s missile program has been funded by such digital heists, a White House official said in 2023.

Bybit CEO Ben Zhou has told users that the firm is solvent and can cover the loss of the $1.5 billion, the firm said in a statement. “Bybit worked closely with regulators and law enforcement agencies to address the hack,” the statement said.

An FBI spokesperson said the bureau had no comment on the Bybit heist.

CNN has requested comment from the North Korean embassy in London.

Once a big crypto heist is carried out, North Korean operatives have to get the money back to Pyongyang. The laundering process usually involves a series of swaps through different types of digital currency, before eventually being converted to US dollars or Chinese yuan.

US and South Korean law enforcement agents monitoring the laundering process usually have mere minutes to pounce and seize some of the stolen loot. CNN previously reported on one such sting operation that clawed back $1 million out of $100 million the North Koreans had allegedly stolen from a California-based cryptocurrency firm.

Investigators are currently trying to intercept some of the $1.5 billion stolen from Bybit. One group of crypto security experts said they helped recover about $43 million in stolen funds so far. Tom Robinson, co-founder of Elliptic, another crypto-tracing firm, said that an additional $243,000 of the stolen money had been seized: “A drop in the ocean, but a start.”

Bybit said it would give 10% of any recovered funds to security experts who played a role in retrieving the stolen money.

Carlsen, the former FBI analyst, said the US and others need to be more aggressive in trying to intercept the North Koreans’ stolen crypto hauls.

“The current strategy from governments and industry clearly isn’t working,” Carlsen said. “People should be going back through drawing board right now on how to deter and punish North Korea for these hacks.”

Source: CNN
--Agencies