Bybit hackers resume laundering activities, move 62,200 ETH

The hackers behind the theft from cryptocurrency exchange Bybit have resumed laundering the stolen funds. According to reports, the group has moved 62,000 ETH worth about $138 million as it continues to gradually launder the stolen funds.

The Lazarus Group, which has been credited as the perpetrator of the $1.4 billion hack that took place on the exchange on February 21, now has only 156,500 ETH remaining to be moved, a pseudonymous analyst has noted.

According to X user EmberCN, who broke the news, the group has now moved a total of 343,000 ETH of the 499,000 that it stole from the platform, and the user expects the rest to be laundered in the coming days. That means the criminals have moved about 68% of the total funds, up from the reported 54% on February 28.

A translated post showing the recent laundering activities of the Bybit hackers. Source: EmberCN (X/Twitter).

Bybit hackers move funds as FBI raises alarm

According to previous reports, the group’s laundering activities had slowed a bit after the United States Federal Bureau of Investigation (FBI) raised an alarm, calling on node operators, crypto exchanges, bridges, and other platforms to block transactions linked to the group. The FBI confirmed that the hack, which was carried out by “TraderTraitor”, was tied to North Korea.

The FBI referenced a report from April 2022, which mentioned that TraderTraitor is the codename for the Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. “TraderTraitor actors are proceeding rapidly and have converted some of the stolen assets to Bitcoin and other virtual assets dispersed across thousands of addresses on multiple blockchains,” the FBI said.

The FBI shared a public service announcement (PSA) linking North Korea to the Bybit hack. Source: FBI.

The FBI shared about 51 Ethereum addresses at the time that were linked to or operated by the Bybit hackers. Blockchain analytics firm Elliptic also flagged over 11,000 crypto wallet addresses linked to the group. “Addresses associated with the Bybit exploit were identified and available to screen within just 30 minutes of the announcement, protecting customers without the need for them to conduct repetitive manual checks,” Elliptic said at the time.

Hackers trying to cover tracks during laundering activities

According to crypto forensics firm Chainalysis, the hackers have also been trying to cover their tracks while laundering the funds, converting some of the stolen Ethereum to Bitcoin. Other portions of the assets have been converted to the DAI stablecoin and other assets and moved through decentralized exchanges, cross-chain bridges, and instant swap services that have no Know Your Customer (KYC) measures in place.

One of the platforms named for helping the Lazarus Group launder its stolen funds was the cross-chain asset swap protocol THORChain. The developers of the protocol received heavy backlash from stakeholders and the crypto community for facilitating a significant portion of the transfers made by North Korean-affiliated hackers. The development led to a vote on the platform on whether to revert all the transactions linked to the hackers.

The vote led a developer on THORChain, Pluto, to announce his departure from the protocol, while another validator also threatened to leave. “Validators, developers, members of the community: effective immediately, I will no longer be contributing to THORChain,” he said at the time. Pluto added that he would remain as long as he is needed to ensure that he passes his responsibilities on to another person should the protocol find someone to replace him.

Meanwhile, THORChain founder John Paul Thorbjornsen has mentioned that he no longer involves himself with the cross-chain protocol. He also added that none of the wallets that have been blacklisted by the FBI or the Treasury’s Office of Foreign Assets Control have interacted with the protocol. The $1.4 billion Bybit hack is the largest ever in the crypto industry, with the stolen funds doubling the $650 million lost to hackers in the Ronin bridge hack in March 2023.

Source: https://www.cryptopolitan.com/bybit-hackers-resume-laundering-move-eth/