A Conversation with Geoff White on Lazarus Group, the ByBit Hack and Money Laundering
Castellum.AI’s Peter Piatetsky sat down with Geoff White, an investigative journalist, world-renowned speaker and the author of The Lazarus Heist, to talk about state-sponsored cyber attacks, the impact of the latest ByBit attack (the largest heist in history with nearly $1.5bn in crypto assets stolen), the evolving money laundering tactics for such large sums and the impact on anti-money laundering (AML) efforts in the private sector.
Key Takeaways
North Korea’s Cyber Crime Program: A State-Approved Operation
The scale and nature of North Korean cybercrime are shifting: the ByBit hack enabled North Korea’s Lazarus Group to make off with $1.5 billion, far surpassing the previous record-breaking cyber heist against Axie Infinity in 2022 ($625 million).
The North Korean government has enlisted the Lazarus Group to fund its nuclear weapons program. Recent U.S. government estimates reveal that the group’s proceeds account for nearly half of North Korea’s missile program expenditures.
“North Korea’s nuclear weapons and missiles are what gives [Pyongyang] a seat at the table. Effectively, North Korea started to run out of money – it can't trade on international markets, can't borrow, can't lend, can't access finance… government hackers have been sent out on hacking missions to steal foreign currency that North Korea can then use to buy the weapons parts it needs.”
The Role of Decentralized Exchanges in Modern Crypto Money Laundering
Unlike traditional financial crime, where stolen funds are laundered through physical channels, such as casinos, North Korean hackers focus on cryptocurrency theft precisely because there is no need to rely on a wide network of physical businesses to conceal and move funds through the formal financial network.
Decentralized exchanges (DEXs) are becoming more prominent. So far, funds from the ByBit hack are being processed through decentralized, wallet-to-wallet exchanges, rather than relying on crypto mixers like Tornado Cash in the early stages of the laundering process. The reason? Law enforcement and regulators have aggressively targeted mixers, with the US and others sanctioning mixers like Tornado Cash or Blender.
“There seems to be this switch to farming the money out to thousands and thousands of wallets through these decentralized exchanges, and then crossing it on bridges and then putting back in.”
Hackers are using cross-chain bridges to move funds to different blockchains where it is easier to obscure transaction trails.
Money Laundering-as-a-Service: Hackers are now leveraging organized crime groups, particularly in Southeast Asia, to launder funds on their behalf.
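The laundering pattern described above (funds fanned out from a compromised wallet across many intermediaries, then pushed into a bridge) is the kind of flow a compliance team traces on-chain. The following is an added illustration, not code from the interview or from Castellum.AI: it walks a constructed transfer list from a known tainted wallet, scores every downstream address by hop distance, flags wallets that split funds across many recipients, and reports when tainted value reaches a labelled bridge contract. All addresses and amounts are placeholders.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, recipient, amount). Addresses are
# invented labels, not real on-chain identifiers.
TRANSFERS = [
    ("hacked_hot_wallet", "int_1", 500.0),
    ("hacked_hot_wallet", "int_2", 500.0),
    ("int_1", "w_a", 100.0), ("int_1", "w_b", 100.0), ("int_1", "w_c", 100.0),
    ("int_1", "w_d", 100.0), ("int_1", "w_e", 100.0),   # fan-out to many wallets
    ("int_2", "dex_router", 500.0),                      # wallet-to-wallet swap venue
    ("dex_router", "w_f", 490.0),
    ("w_a", "bridge_contract", 100.0),                   # cross-chain bridge deposit
    ("w_b", "bridge_contract", 100.0),
    ("clean_user", "w_z", 10.0),                         # unrelated activity
]
BRIDGES = {"bridge_contract"}  # hypothetical label set of known bridge addresses


def build_graph(transfers):
    """Adjacency list: sender -> [(recipient, amount), ...]."""
    graph = defaultdict(list)
    for src, dst, amount in transfers:
        graph[src].append((dst, amount))
    return graph


def taint_exposure(transfers, seeds, max_hops=3):
    """BFS from seed (stolen-funds) wallets; returns {address: hops_from_seed}."""
    graph = build_graph(transfers)
    hops = {seed: 0 for seed in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for dst, _ in graph[addr]:
            if dst not in hops:          # record the shortest path only
                hops[dst] = hops[addr] + 1
                queue.append(dst)
    return hops


def fan_out_alerts(transfers, tainted, min_outputs=3):
    """Tainted wallets that scatter funds to many recipients (the 'farming out' step)."""
    graph = build_graph(transfers)
    return {a: len(graph[a]) for a in tainted if len(graph[a]) >= min_outputs}


def tainted_bridge_hops(hops, bridges=BRIDGES):
    """Bridge contracts reached by tainted funds, with the hop count at which they were hit."""
    return {addr: h for addr, h in hops.items() if addr in bridges}
```

Run on the constructed data, `int_1` is the only fan-out alert (five recipients), and the bridge is reached three hops from the seed wallet; tightening `max_hops` or `min_outputs` tunes the trade-off between coverage and false positives.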
The Geopolitical Implications of Crypto-Driven Crimes
The regime keeps stolen funds outside the country, using them to purchase weapon components, materials, and services from global suppliers.
North Korea has deepened financial and military ties with Russia since the Ukraine invasion, and experts believe the two countries may be sharing sanctions-evasion techniques.
“And now Russia is under unprecedented sanctions. There's money flowing in and out of the country. And what's interesting is the sort of movement…and the kind of laundering…where top officials between North Korea and Russia are basically trading notes.”
Southeast Asia’s Role in Financial Crime: Weak AML and KYC enforcement in Southeast Asian countries like Myanmar has made the region a hotspot for illicit finance, particularly for laundering funds from cybercrime.
How Public-Private Collaboration Can Strengthen AML Efforts
Combatting state-sponsored cybercrime requires stronger coordination between financial institutions, technology companies and law enforcement agencies.
“Collaboration between the public and the private sector is extremely important. The networks that these actors will move across, whether it's social media networks for recruiting, communicating with money laundering accomplices or finding victims—this is happening in private industry servers and systems and networks and apps. When it comes to moving the money, increasingly that's gonna be done through private industry's infrastructure, so private industry has an absolutely huge role in AML compliance.”
Criminals are increasingly using AI to enhance their operations, making it imperative for compliance teams to adopt advanced analytics and AI-driven solutions. This is especially true for financial institutions and fintechs involved in decentralized finance (DeFi), where new money laundering techniques are quickly adopted.