It has been a cat-and-mouse game since the  Lazarus Group of hackers (thought to be working for the North Korean regime) successfully converted at least $300m (£232m) to unrecoverable funds. This is said to be their ground breaking $1.5bn crypto heist. The criminals swiped the huge haul of digital tokens in a jack on crypto exchange ByBit two weeks ago. Analysis (via ByBit) shows that 20% of the funds have now "gone dark", meaning it is unlikely to ever be recovered.

The US and other allies accuse the North Koreans of carrying out dozens of hacks in recent years to fund the regime's military and nuclear development. For instance: on 21st February, 2025, the criminals hacked one of ByBit's suppliers to secretly alter the digital wallet address that 401,000 Ethereum crypto coins were being sent to. ByBit thought it was transferring the funds to its own digital wallet, but instead sent it all to the hackers.

However, Ben Zhou, the CEO of ByBit, assured customers that none of their funds had been taken. The firm has since replenished the stolen coins with loans from investors, but is, in Zhou's words, "waging war on Lazarus". ByBit's Lazarus Bounty programme is encouraging members of the public to trace the stolen funds and get them frozen where possible.

All crypto transactions are displayed on a public blockchain, so it's possible to track the money as it's moved around and if the hackers try to use a mainstream crypto service to attempt to turn the coins into normal money like dollars, the crypto coins can be frozen by the company if they think they are linked to crime.

So far 20 people have shared more than $4m in rewards for successfully identifying $40m of the stolen money and alerting crypto firms to block transfers. But experts are downbeat about the chances of the rest of the funds being recoverable, given the North Korean expertise in hacking and laundering the money.