Crypto bounty hunters played a crucial role in salvaging Bybit’s business.

  • North Korean hackers made off with $1.4bn
  • LazarusBounty has recovered millions
  • Regulatory trust is essential

A theft of $1.4 billion could devastate most firms, but Dubai-based crypto exchange Bybit sought the help of bounty hunters to reclaim its funds and preserve its reputation.

After North Korea’s Lazarus Group breached its crypto wallets in March, Bybit initiated “LazarusBounty,” one of the most extensive efforts to trace, freeze, and recoup stolen crypto assets.

Bounty hunting has emerged as a significant sector within cryptocurrency. Bybit offered up to 10 percent of the total amount for any funds that could be frozen or recovered. According to the LazarusBounty webpage, over $2.3 million has been disbursed to 13 bounty hunters.

So far, more than $73 million has been frozen and nearly $30 million has been recovered, with Bybit tracing an additional $141 million.

The exchange estimates that around $102 million is still traceable, while over $1 billion has “gone dark,” meaning recovery is highly unlikely.

Bybit has effectively treated the hack as just a minor obstacle. Within two months, it accumulated more users, surpassing the 70 million milestone.

The exchange compensated customer accounts affected by the hack using its own funds and remains the second-largest cryptocurrency exchange globally by trading volume, trailing only Binance.

“Scams occur every day… [bounty hunts] are relatively commonplace,” Yury Serov, head of investigations at blockchain analytics firm Global Ledger, tells AGBI.

“Bounty hunters need to trace where those funds went and ensure they are frozen and returned to the victims,” he elaborates.

While recovering stolen funds typically involves coordination with authorities—which is challenging in the case of the Lazarus Group because of its North Korean ties—some “on-chain” recoveries are still feasible, explains Serov.

This is because stolen cryptocurrency, like any other stolen asset, must eventually be laundered back into the legal economy, often through avenues such as gambling platforms or shell companies. It is at this point that investigators like Serov and his team can trace the funds and work with exchanges or other stakeholders to freeze them and return them to their rightful owners.

However, this process is complex, and the Lazarus Group is infamous for its adeptness in stealing and laundering stolen cryptocurrencies.

In incidents like Bybit’s hack, the focus of bounty hunting extends beyond just financial recovery.

“Trust from regulators is vital,” compliance advisor Graeme Hampton tells AGBI.

Complex hacks such as Bybit’s present an opportunity for companies and regulators to learn from these events to enhance compliance and cybersecurity, according to Hampton.

“The money wasn’t the main issue, whether they recovered $100 million or $200 million. It was crucial to demonstrate that private investigators could track and identify stolen [crypto] currencies,” he states.

The bounty hunt also positively influenced the company’s public image, according to Hampton, along with an assertive crisis-communications strategy during the hack.

LazarusBounty has been ongoing for about six months, and the longer it continues, the more difficult it becomes to recover any additional assets.

“The highest likelihood of retrieving funds and freezing them is during the first hours and days post-incident,” Serov advises.

“After that, the chances decrease—five, ten, or even fifteen times lower,” he notes.

Bybit did not respond when asked whether it expects to recover more funds.
