North Korea appears to have pulled off the world’s biggest heist, another worrying sign of the hermit kingdom’s growing prowess in cybercrime.
State-backed hackers stole about $1.5 billion from cryptocurrency exchange Bybit last week, according to the FBI. That’s more than the largest known bank theft of all time, when Saddam Hussein stole $1 billion from Iraq’s central bank on the eve of the 2003 war.
Pyongyang agents took more in the attack on the popular platform than all the funds stolen by North Korean cybercriminals last year, according to cryptoanalysts Chainalysis: more than $1.3 billion. Leader Kim Jong Un is increasingly relying on “elite units” of hackers to prop up the regime’s “failing economy”, said The Telegraph.
The ‘magnum opus’
Just after 2pm on Friday 21 February, a “notorious group of hackers” pulled off what could be “their magnum opus”, said The Independent. In just minutes, they stole from one of the world’s most popular crypto exchanges and “funnelled” the digital currency “across the internet to anonymous wallets”.
Investigators were able to follow the funds in real time using the blockchain – the online ledger of every crypto transaction. They noted a pattern of laundering “closely mirroring a technique” used by The Lazarus Group: one of the world’s “most sophisticated hacking operations”.
The group, allegedly “backed by North Korea since its inception in 2009”, caused “worldwide chaos” in 2017 with the WannaCry ransomware attacks, which infected 200,000 computers across 150 countries – including NHS systems. But this latest theft would be the group’s “largest strike to date” – the haul is equivalent to North Korea’s entire annual defence budget.
Bybit CEO Ben Zhou has called for a “war against Lazarus”, issuing a $140 million bounty to recover the funds. The move, a first for the industry, could mark the beginning of “coordinated global action” to “take down Lazarus”.
A ‘haven’ for hackers
In the past, Pyongyang “relied on its elite hacking cadres to conduct espionage or steal trade secrets”, said The Telegraph. Science prodigies are identified at a young age, and “pushed to compete in international maths and programming competitions”.
But increasingly, these hackers are being used as “a weapon of economic warfare”: a way to “bolster the coffers” of a regime battered by sanctions and the Covid-19 pandemic. And the “virtually unregulated” cryptocurrency industry is a “haven” for hackers.
Attacks by North Korean groups have “plagued the industry for years”, said The New York Times.
Last year, hackers linked to the country stole more than $1.3 billion in cryptocurrency: a “dramatic jump” from the $660 stolen in 2023, reported The Guardian, and about 61% of the $2.2 billion stolen globally. The proceeds of The Lazarus Group’s “audacious thefts” are believed to have funded the regime’s nuclear and missile programmes.
“Hackers linked to North Korea have become notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions,” Chainalysis said in its report.
These attackers are getting “better and faster at massive exploits”.