North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack

BBC - Mar 10th, 2025
Hackers believed to be from North Korea's Lazarus Group have successfully converted at least $300 million from a $1.5 billion crypto theft on the ByBit exchange into usable cash. Despite efforts from crypto investigators and ByBit's 'Lazarus Bounty' program, which has rewarded individuals for tracking stolen funds, the hackers' sophisticated money-laundering techniques have allowed them to evade detection. Dr. Tom Robinson of Elliptic highlights the hackers' relentless efforts, suggesting the funds could be supporting North Korea's military ambitions.

The implications of this heist are significant, underscoring North Korea's prowess in cybercrime and the vulnerabilities within the cryptocurrency industry. ByBit has replenished the stolen funds to maintain customer confidence but faces challenges in recovering the lost assets. Accusations have been leveled against crypto exchange eXch for allegedly facilitating the laundering process, although its owner disputes these claims. The incident highlights the ongoing threat posed by state-sponsored cybercrime and the challenges in securing digital financial systems against such sophisticated actors.

Story submitted by Fairstory

RATING: 7.0 (Fair Story. Consider it well-founded)

The article provides a comprehensive overview of a significant cybercrime incident, with detailed reporting on the involvement of the Lazarus Group in the ByBit hack. It effectively uses expert quotes to enhance credibility and clarity, making complex issues accessible to a general audience. The story is timely and relevant, addressing important issues related to cybersecurity and international crime. However, it could benefit from a broader range of sources and more transparency regarding the investigative process. The article maintains a neutral tone, balancing the controversial nature of the topic with responsible reporting. Overall, it is a well-structured and informative piece that raises awareness about the risks associated with cryptocurrency and the challenges in combating state-sponsored cybercrime.

RATING DETAILS

Accuracy: 8

The story presents a detailed account of a significant crypto heist allegedly linked to North Korean hackers, specifically the Lazarus Group. The claim that $300 million has been cashed out from the $1.5 billion stolen in the ByBit hack is a major assertion, supported by references to experts like Dr. Tom Robinson from Elliptic. While the story provides specific figures and quotes, the exact methods of laundering and the full extent of North Korea's involvement require further verification. The article accurately reports the event's timeline and the involvement of the Lazarus Group, aligning with known details about their past activities. However, the story could benefit from more precise sourcing or corroboration regarding the exact amounts laundered and the effectiveness of international recovery efforts.

Balance: 7

The article provides a balanced overview of the situation, presenting perspectives from both the victim, ByBit, and the accused, North Korea. It includes insights from security experts and representatives of involved companies, such as ByBit's CEO and the owner of eXch. However, the story could be more balanced by including more viewpoints from independent analysts or international regulatory bodies to provide a broader context. The narrative primarily focuses on the technical aspects and the ongoing efforts to recover the funds, which might overshadow other critical perspectives, such as the geopolitical implications of North Korean cyber activities.

Clarity: 8

The article is well-structured and uses clear language to explain a complex situation. It effectively breaks down the sequence of events, the parties involved, and the ongoing efforts to recover the funds. The use of expert quotes adds clarity and authority to the narrative. However, the story could benefit from a more detailed explanation of technical terms and processes, such as how cryptocurrencies are laundered, to enhance understanding for readers who may not be familiar with these concepts.

Source quality: 6

The article cites credible sources like Dr. Tom Robinson from Elliptic and Dr. Dorit Dor from Check Point, both of whom are recognized experts in cybersecurity. However, the story relies heavily on these sources without providing direct input from law enforcement or other international bodies that might be involved in the investigation. The inclusion of more diverse and authoritative sources, such as statements from the US government or international cybersecurity organizations, could enhance the credibility and depth of the reporting.

Transparency: 6

The story provides a clear narrative of the hacking incident and the subsequent efforts to track the stolen funds. It openly discusses the challenges faced by ByBit and the accusations against eXch. However, the article lacks a detailed explanation of the methodologies used to trace the funds or the specific challenges in preventing such hacks. More transparency regarding the investigative process and the limitations faced by the companies involved would provide readers with a better understanding of the complexities involved.
