North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack
Hackers thought to be working for the North Korean regime have successfully cashed out at least $300m (£232m) of their record-breaking $1.5bn crypto heist. The criminals, known as Lazarus Group, swiped the huge haul of digital tokens in a hack on crypto exchange ByBit two weeks ago.Since then, it's been a cat-and-mouse game to track and block the hackers from successfully converting the crypto into usable cash.Experts say the infamous hacking team is working nearly 24 hours a day - potentially funnelling the money into the regime's military development. "Every minute matters for the hackers who are trying to confuse the money trail and they are extremely sophisticated in what they're doing," says Dr Tom Robinson, co-founder of crypto investigators Elliptic.Out of all the criminal actors involved in crypto currency, North Korea is the best at laundering crypto, Dr Robinson says."I imagine they have an entire room of people doing this using automated tools and years of experience. We can also see from their activity that they only take a few hours break each day, possibly working in shifts to get the crypto turned into cash."Elliptic's analysis tallies with ByBit, which says that 20% of the funds have now "gone dark", meaning it is unlikely to ever be recovered. The US and allies accuse the North Koreans of carrying out dozens of hacks in recent years to fund the regime's military and nuclear development.On 21 February the criminals hacked one of ByBit's suppliers to secretly alter the digital wallet address that 401,000 Ethereum crypto coins were being sent to.ByBit thought it was transferring the funds to its own digital wallet, but instead sent it all to the hackers.
Ben Zhou, the CEO of ByBit, assured customers that none of their funds had been taken.The firm has since replenished the stolen coins with loans from investors, but is in Zhou's words "waging war on Lazarus".ByBit's Lazarus Bounty programme is encouraging members of the public to trace the stolen funds and get them frozen where possible.All crypto transactions are displayed on a public blockchain, so it's possible to track the money as it's moved around by the Lazarus Group.If the hackers try to use a mainstream crypto service to attempt to turn the coins into normal money like dollars, the crypto coins can be frozen by the company if they think they are linked to crime.So far 20 people have shared more than $4m in rewards for successfully identifying $40m of the stolen money and alerting crypto firms to block transfers.But experts are downbeat about the chances of the rest of the funds being recoverable, given the North Korean expertise in hacking and laundering the money."North Korea is a very closed system and closed economy so they created a successful industry for hacking and laundering and they don't care about the negative impression of cyber crime," Dr Dorit Dor from cyber security company Check Point said.
Another problem is that not all crypto companies are as willing to help as others.Crypto exchange eXch is being accused by ByBit and others of not stopping the criminals cashing out.More than $90m has been successfully funnelled through this exchange.But over email the elusive owner of eXch - Johann Roberts - disputed that.He admits they didn't initially stop the funds, as his company is in a long-running dispute with ByBit, and he says his team wasn't sure the coins were definitely from the hack.He says he is now co-operating, but argues that mainstream companies that identify crypto customers are abandoning the private and anonymous benefits of crypto currency.
North Korea has never admitted being behind the Lazarus Group, but is thought to be the only country in the world using its hacking powers for financial gain.Previously the Lazarus Group hackers targeted banks, but have in the last five years specialised in attacking cryptocurrency companies. The industry is less well protected with fewer mechanisms in place to stop them laundering the funds.Recent hacks linked to North Korea include:The 2019 hack on UpBit for $41mThe $275m theft of crypto from exchange KuCoin (most of the funds were recovered)The 2022 Ronin Bridge attack which saw hackers make off with $600m in cryptoApproximately $100m in crypto was stolen in an attack on Atomic Wallet in 2023In 2020, the US added North Koreans accused of being part of the Lazarus Group to its Cyber Most Wanted list. But the chances of the individuals ever being arrested are extremely slim unless they leave their country.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Mirror
7 hours ago
- Daily Mirror
Inside Kim Jong-Un's North Korea as smuggled smartphone reveals new scary rule
South Korean slang words are banned in North Korea - and the smartphone even takes an undetected screenshot every five minutes, with the images presumably seen by the Communist government A contraband smartphone from North Korea has laid bare the chilling tactics employed by supreme leader Kim Jong Un to maintain his iron-clad grip over citizens. The seemingly innocuous handset is engineered to suppress any hints of South Korean vernacular and even stealthily snaps a screenshot every five minutes. These covert captures are then stashed away in an inscrutable folder, thought to be monitored by the ruling Communist party. An attempt to input the term "oppa" - a word that nominally means "older brother" in Korean but has gained romantic connotations in modern South Korea - results in an automatic rewrite to "comrade." The user is promptly reprimanded with a pop-up alerting them that "oppa" is strictly for referring to elder siblings. Moreover, typing "South Korea" triggers a shocking autocorrect to "puppet state". The device was sneakily transported out of the Hermit Kingdom by Daily NK, a Seoul-based news outlet, last year and unearthed during a BBC probe, reports the Daily Star. North Korean technology and information specialist Martyn Williams imparted to the UK broadcaster that smartphones have become a crucial tool in Pyongyang's propaganda arsenal. "Smartphones are now part and parcel of the way North Korea tries to indoctrinate people," he revealed. This Stimson Center senior fellow residing in Washington, DC, also cautioned that the cloistered nation is increasingly gaining the upper hand in its informational stranglehold #. Just this year, Kim elevated the stakes by criminalising the usage of South Korean slang or accents as tantamount to high treason. 'Youth crackdown squads' are reportedly patrolling the streets to monitor young North Koreans. Dissident Kang Gyuri, 24, recounted her experiences of being abruptly stopped and scolded for emulating South Korean fashion and hair. Fortunately, she managed to flee the oppressive regime by boat in 2023 and now resides in South Korea. Speaking to the BBC, Kang revealed that the regime's agents would seize her phone to search for any forbidden South Korean terms in her messages. North Korea outlaws all foreign culture, including television, newspapers, and music. Consequently, reports suggest that thousands of USB drives and micro-SD cards packed with South Korean dramas and K-pop tunes are smuggled across the border monthly, concealed within fruit boxes. Kang expressed that it was her eventual discovery of life outside North Korea which spurred her decision to defect. She said: "I felt so suffocated, and I suddenly had an urge to leave. "I used to think it was normal that the state restricted us so much. I thought other countries lived with this control. But then I realised it was only in North Korea."
The Courier
2 days ago
- The Courier
‘Call me Mr Tea' — The people scalded by Perthshire's great tea scandal
Picture the scene: Paris. March 14, 2015. The great and good of the world's tea industry gather for a lavish party, a celebration of their achievements over the past 12 months. This night at the Salon de Thé awards is a special one for Scotland, as Perthshire's own Wee Tea Plantation scores a coveted gold award. The company's Dalreoch white tea has been crowned the best tea in the world. The announcement sparks a media buzz. The plantation's Tam O'Braan tells BBC Five Live presented Nicky Campbell that morning he cannot attend the ceremony as his wife is about to give birth to twins. But he says he is sending a colleague to read out the speech he penned. 'I suppose you could call me Mr Tea after winning such a major award,' he told reporters. Coupled with a silver gong from the Tea Exchange in London, it really is a remarkable achievement for a Scottish business – particularly one set up just over six months earlier. Except the awards ceremony never happened. O'Braan – known by prosecutors as Thomas Robinson – made it up to boost sales and win contracts. The fake awards were part of a wider deception that hoodwinked not only the owners of some of the country's best known hotels but also wholesalers, journalists, landowners and businesses. Robinson was this week convicted of an elaborate £550k fraud, taking in five-star hoteliers and genuine tea growers. At his trial, he distanced himself from the Salon de Thé prize claiming it was gourmet tea firm Mariage Freres' award. But he said he remembered seeing some kind of gold medallion. 'I didn't get to keep it,' he said. 'But it must have had some standing because the buyers from Fortnum and Mason wanted to display it in their store.' Asked if the whole thing was made up, he said: 'I'm taking it on trust that the award does exist.' The Courier was also caught up in Robinson's web of lies. In February 2017, we reported how thieves had stolen tea leaves from his Dalreoch farm. The report was based on information provided to us by the company, while Robinson was recovering from a heart attack we were told. The theft was never reported to Police Scotland and it emerged during the trial the thefts may have been faked ahead of a council inspection of the land. Here we look at just a handful of others who were caught out by Robinson's great tea blag. In hindsight, alarm bells should have been ringing for London tea seller Alistair Rea, when Robinson – his best customer – asked him to sign a Non-Disclosure Agreement (NDA). The document was purportedly a legally binding contract demanding Mr Rea's silence on all correspondence between him and Robinson. Robinson first contacted sole-trader Mr Rea in August 2015, when his business What-Cha, selling top end tea from around the world, was starting out on eBay. He asked how degradable his loose leaf black tea was, before putting in an order for 30kg. He asked for it to be delivered to a PO address in Glasgow's Bath Street. Over a period of nearly three-and-a-half years, Robinson ordered about 700kg of loose leaf tea from as far afield as China, Malawi and Sri Lanka, often at thousands of pounds a time. He often asked about the produce and requested photos to see if they were 'leafy enough'. Mr Rea, 36, said he had never before been asked by a customer to sign a confidentiality agreement. 'I agreed to sign it to keep the business relationship going,' he said. The paper was sent from Robinson – not from a lawyer – in October 2015, not long after he began buying from What-Cha. In February 2016, Robinson visited Mr Rea's business premises – a spare room at his Islington home – to pick up more tea. Robinson explained to the tea vendor he had been out of action for a while following a heart attack and would making big orders to help catch up with customers. Mr Rea did not know Robinson had a tea plantation but suspected he had been selling on his tea leaves. Peter Pejacsevich, a forester and farmer who owns 680 acres of land on the banks of Loch Tummel, said his interest was piqued when reading a news article about Scottish tea plantations in 2016. One of the people mentioned in the piece was Perthshire's Tam O'Braan whose tea, it stated, was being sold by Fortnum and Mason. Mr Pejacsevich, 70, decided to investigate further, with the idea of growing tea plants on his own land. By email, he contacted Robinson, who he knew only as O'Braan, before meeting up at his Amulree site. There, he could see about 100 or so plants, about a metre high, despite Robinson's claims he had a field of tens of thousands of plants near his home. 'I can't recall if he said if these were grown on the farm but the implication was that they were grown there,' said Mr Pejacsevich. The London-based landowner noticed Robinson had a slight limp, which he told him was 'the result of military action'. Mr Pejacsevich struck a deal to buy 1,200 plants at £15,000. Robinson was given a key and granted access to the farmer's land at Loch Tummel. He told Mr Pejacsevich a group of agricultural students had been employed to harvest the leaves. These so-called 'woofers' – a term for people who work for rural firms in exchange for bed and board – were said to have stayed at the farm with Robinson, although there was no evidence they ever existed. Some time later, Mr Pejacsevich was shown a tea menu from the Balmoral Hotel. It offered jasmine green tea 'grown on the banks of Loch Tummel'. Mr Pejacsevich said there had been no other teas growing near the loch and stressed he had not given Robinson permission to sell on tea from his plantation. In court, Robinson blamed a man called 'Billy' for looking after Mr Pejacsevich's crops. Antiques dealer and farmer Henry Baggott was – initially at least – an enthusiastic supporter. 'It was interesting to hear someone was growing tea in Scotland and doing it so well,' he said. 'It was exciting that someone was championing this here in Scotland.' He got in touch with Robinson – or O'Braan as he knew him – in 2015 and went to visit his farm. There he saw a few hundred plants. 'From what I saw, they seemed to be pretty healthy but it was all new to me at that stage.' During their talks, Robinson told Mr Baggott he had been in the army, 'in a regiment like the Paras.' 'If someone tells you they had been in the army, you believe them,' he said. After tests on his own soil at his wife's family farm near Castle Douglas, Baggott agreed to buy 700 plants. 'Tam came with a team from the plantation. 'There was very little guidance from Tam – it was very much dig a hole, pop in a plant and away we go. 'At the time, we thought this was great. 'It was only subsequently we looked closer and could see they had been badly planted and were in poor quality. They soon started dying.' In the first year, between 25-to-30% of the plants were lost. After about seven years, he only managed to harvest about 100 grammes of tea. Mr Baggott said Tam 'was a very hard man to get hold of after we initially planted his plants.'
NBC News
3 days ago
- NBC News
Hegseth says U.S. will stand by Indo-Pacific allies against 'imminent' threat of China
Defense Secretary Pete Hegseth reassured allies in the Indo-Pacific on Saturday that they will not be left alone to face increasing military and economic pressure from China, while insisting that they also contribute more to their own defense. He said Washington will bolster its defenses overseas to counter what the Pentagon sees as rapidly developing threats by Beijing, particularly in its aggressive stance toward Taiwan. China has conducted numerous exercises to test what a blockade would look like of the self-governing island, which Beijing claims as its own and the U.S. has pledged to defend. China's army 'is rehearsing for the real deal,' Hegseth said in a keynote speech at a security conference in Singapore. 'We are not going to sugarcoat it — the threat China poses is real. And it could be imminent.' China has a stated goal of having its military have the capability to take Taiwan by force if necessary by 2027, a deadline that is seen by experts as more of an aspirational goal than a hard war deadline. But China also has built sophisticated man-made islands in the South China Sea to support new military outposts and developed highly advanced hypersonic and space capabilities, which are driving the United States to create its own space-based 'Golden Dome' missile defenses. Speaking at the Shangri-La Dialogue, a global security conference hosted by the International Institute for Security Studies, Hegseth said China is no longer just building up its military forces to take Taiwan, it's 'actively training for it, every day.' Hegseth also called out China for its ambitions in Latin America, particularly its efforts to increase its influence over the Panama Canal. He urged countries in the region to increase defense spending to levels similar to the 5% of their gross domestic product European nations are now pressed to contribute. 'We must all do our part,' Hegseth said. Following the speech, the European Union's top diplomat Kaja Kallas pushed back at Hegseth's comment that European countries should focus their defense efforts in their own region and leave the Indo-Pacific more to the U.S. She said that with North Korean troops fighting for Russia and China supporting Moscow, European and Asian security were 'very much interlinked.' He also repeated a pledge made by previous administrations to bolster U.S. military capabilities in the Indo-Pacific to provide a more robust deterrent. While both the Obama and Biden administrations had also committed to pivoting to the Pacific and established new military agreements throughout the region, a full shift has never been realized. Instead, U.S. military resources from the Indo-Pacific have been regularly pulled to support military needs in the Middle East and Europe, especially since the wars in Ukraine and Gaza. In the first few months of President Donald Trump's second term, that's also been the case. In the last few months the Trump administration has taken a Patriot missile defense battalion out of the Indo-Pacific in order to send it to the Middle East, a massive logistical operation that required 73 military cargo aircraft flights, and sent Coast Guard ships back to the U.S. to help defend the U.S.-Mexico border. Hegseth also cautioned that playing both sides, seeking U.S. military support and Chinese economic support, carries risk. 'Economic dependence on China only deepens their malign influence and complicates our defense decision space during times of tension,' Hegseth said. Asked how he would reconcile that statement with Trump's threat of steep tariffs on most in the region, Hegseth he was 'in the business of tanks, not trade.' Australia's Defense Minister Richard Marles welcomed Hegseth's assurance that the Indo-Pacific was an American strategic priority and agreed that Australia and other nations needed to do their part. 'Reality is that there is no effective balance of power in this region absent the United States, but we cannot leave it to the United States alone,' he said. Still, Marles suggested the Trump administration's aggressive trade policies were counterproductive. 'The shock and disruption from the high tariffs has been costly and destabilizing.' China usually sends its own defense minister to this conference, but Dong Jun did not attend this year in a snub to the U.S. over the erratic tariff war Trump has ignited with Beijing. Their absence was something the U.S. delegation said it intended to capitalize on. 'We are here this morning. And somebody else isn't,' Hegseth said. Hegseth said committing U.S. support for Indo-Pacific nations would not require local governments to align with the West on cultural or climate issues. It's not clear if the U.S. can or wants to supplant China as the region's primary economic driver. But Hegseth's push follows Trump's visit to the Middle East, which resulted in billions of dollars in new defense agreements.
