The staggering $1.4 billion hack of the Bybit crypto exchange has entered its next phase, with stolen funds likely being laundered through mixers to obfuscate their origins, according to blockchain security firm Elliptic. The firm attributes the attack to North Korea’s infamous Lazarus Group, a state-backed cybercrime syndicate known for high-profile crypto heists.
On February 21, hackers drained approximately $1.46 billion in crypto from the Dubai-based exchange in what is now the largest crypto heist in history. This surpasses previous high-profile breaches, including the Poly Network hack in 2021 and the Ronin Network breach in 2022.
Elliptic reported that Lazarus follows a distinct laundering pattern, beginning with converting stolen tokens into native blockchain assets such as Ethereum (ETH). The group has now entered the “layering” stage, in which it attempts to obscure the funds’ trail through multiple strategies: transferring crypto across numerous wallets, leveraging cross-chain bridges, swapping assets on decentralized exchanges, and using privacy-focused mixing services like Tornado Cash.
Just two hours after the heist, the stolen funds were dispersed across 50 different wallets, each containing roughly 10,000 ETH. These wallets are now being “systematically emptied,” with at least 10% of the assets already on the move, Elliptic noted.
One particular crypto exchange, identified as eXch, has reportedly facilitated the laundering efforts, ignoring Bybit’s requests to block transactions involving the stolen funds. eXch has denied any involvement, despite allegations that tens of millions of dollars’ worth of stolen crypto has been swapped on the platform.
Blockchain sleuth ZachXBT previously reported that Lazarus laundered over $200 million in stolen crypto between 2020 and 2023, primarily utilizing mixers and peer-to-peer marketplaces. However, a recent report from Chainalysis indicates a shift, with criminal groups increasingly relying on cross-chain bridges rather than traditional mixers to clean their funds.
Meanwhile, Bybit CEO Ben Zhou reassured users that the exchange has fully replaced the stolen $1.4 billion worth of Ether. A new audited proof-of-reserves report is expected soon, aiming to restore confidence in the platform after this historic breach.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.