The Billion-Dollar Crypto Blunder
Photo by Kanchanara on Unsplash
Crypto theft is nightmare fuel. Your hard-earned money disappears into someone else's pocket, and suddenly the lack of regulation in the crypto sphere means your hope of ever seeing any of that money again is vanishingly small.
So, now hackers thought to be working for North Korea have managed to successfully convert $300m of their ill-gotten $1.5bn into unrecoverable funds.
The operation to prevent them from releasing funds seems to have failed, and the crypto has gone off into the black night.
Long Hours Pay off in the case of the hackers, and ByBit got so easily played that questions need to be answered.
WorkaDay
Tracking stolen crypto isn’t impossible, blockchain transactions are public, after all. But whilst ByBit are able to freeze crypto that they think has been fraudulently obtained it is a game of cat-and-mouse trying to find the stolen assets before they disappear.
ByBit have been up against quite some force. Because Lazarus isn’t some back-alley gang; they’ve turned crypto laundering into a full-time job and they’re not working 9–5 on this one. The hackers operate in shifts, working almost 24 hours a day, using sophisticated automation tools and a level of dedication you wish your own dev team had during crunch time (could be because the rewards aren’t there, couldn’t it?).
While ByBit’s bounty hunters are working to claw back the funds, they’re fighting an opponent that has more experience at this than anyone else in the world. Lazarus has been in the game for years, orchestrating massive heists like the following:
$41M from UpBit (2019)
$275M from KuCoin (2020)
$600M from Ronin Bridge (2022)
$100M from Atomic Wallet (2023)
And that’s just what we know about.
The Crypto Industry is Still Shockingly Incompetent at Security
Crypto was supposed to be this ultra-secure, decentralized, trustless system. Instead, it’s turned into a playground for cybercriminals, where every few months another exchange gets completely wrecked.
Part of the problem is that not all crypto exchanges play nice with law enforcement. Take eXch, a shady exchange accused of helping Lazarus cash out $90M of the stolen ByBit funds.
Their excuse? “Oh, we didn’t stop the transactions because we’re in a dispute with ByBit”.
Because, you know, when you’re mad at your business rival, helping North Korean hackers launder money is totally justified.
Who’s Really Paying for This?
Let’s be real. ByBit might have taken a hit, but retail investors are the ones who ultimately suffer. Prices dip, faith in exchanges erodes, and regulations tighten.
Meanwhile, North Korea funnels these stolen billions straight into its missile and nuclear programs. So, if you’re into crypto and also into not having world war three, this should concern you.
Conclusion
The U.S. has placed Lazarus Group members on its Cyber Most Wanted list. The problem? They don’t leave North Korea, so are well insulated against Uncle Sam.
It’s time that crypto firms start taking security seriously, else we’ll be back here in six months, talking about yet another billion-dollar heist. People should have their money and be able to keep it and it not be lost due to other’s lack of security and people who are prepared to work crazy hours for crazy rewards.