After stealing more than a billion dollars in ETH from Bybit, the exploiter is engaging in money laundering to cover their tracks.
In fact, not only are the Ethereum addresses from which the funds were illegally taken known, but it is also possible to trace their movements on-chain.
To launder the money, the exploiter is issuing tokens on Pump.fun and using other tools such as mixers.
The ETH stolen from Bybit and the money laundering attempts
According to the data published by Arkham, the crypto exchange Bybit held more than 450,000 ETH. After the theft on Saturday, less than 60,000 remained.
Since the addresses from which the funds were stolen are known, and given that their on-chain movements can be publicly traced, it was discovered that a portion was being laundered by issuing tokens on Pump.fun.
The platform, however, collaborated with the exchange to prevent this from happening, so much so that Bybit publicly thanked it for acting quickly to block and remove a Solana-based token whose creator might be affiliated with the group of hackers that carried out the theft.
However, the amount of ETH stolen is so large that the exploiter must use a variety of methods to launder it and obscure its trail.
In fact, Bybit has thanked not only Pump.fun but also many other platforms that are helping to prevent the exploiter from laundering the stolen ETH. Tether and Circle, the issuers of USDT and USDC, stand out among these, since the best way to monetize stolen crypto funds is to convert them into stablecoins.
The recovery
Today the CEO of Bybit, Ben Zhou, stated that the exchange has already fully restored its reserves in ETH.
He also promised that a new PoR (Proof of Reserve) report will be published soon to demonstrate that Bybit is back to 100% 1:1 on customer assets.
However, this does not mean that they have managed to recover part of the loot.
To restore the accounts and become completely solvent again, the exchange was forced to borrow money in order to repurchase the ETH on the market.
It is no coincidence that, after dropping from $2,700 to $2,600 on Saturday, the price of Ethereum rose above $2,800 on Sunday, precisely thanks to the buybacks by Bybit.
It should be emphasized that the exploiters have not yet managed to sell large quantities of stolen ETH, partly due to the difficulties they are encountering in their laundering attempts. The exchange, by contrast, has repurchased large quantities of ETH in about two days, thus increasing the buying pressure.
However, the price of Ethereum has now returned to around $2,700.
The return to normality
Yesterday, Bybit declared that on-chain deposits and withdrawals had returned to normal. Credit must be given to the exchange for handling the issue very well.
Note that not only was it the largest on-chain theft of all time in terms of dollar value, but it also appears to be the largest ever, even outside the crypto world.
However, Bybit's CEO himself had already pointed out on Saturday that the amount stolen, in fiat terms, is roughly equivalent to the annual profits of the exchange, which suggests that within about 12 months they might be able to cover the gap.
In the meantime, they managed not only to never interrupt withdrawal requests, but also to fulfill them all, even if not all immediately. Furthermore, within just two days, they also restored the system to normal.
The solution was to borrow the missing funds from other entities, including competing exchanges, in order to rebuild the reserves as quickly as possible and to never have to interrupt withdrawals.
Over the course of the next few months, they will presumably use the profits to repay these debts.
The hacker attack on Bybit
The attack on Bybit was most likely carried out by the North Korean group Lazarus.
It was an attack never seen before, very creative and decidedly sophisticated.
It is important to remember that the Lazarus Group is effectively supported by the North Korean dictatorial regime, and therefore has substantial resources and total impunity.
The hypothesis is that the hackers manipulated Bybit’s Ethereum cold wallet through a falsified user interface and a malicious alteration of the smart contract.
As suggested by CZ from Binance, and then confirmed by Ben Zhou, it was not an attack that penetrated the internal systems of the exchange, but one that breached the Safe cold wallet.
Unfortunately, this type of hacker is becoming increasingly sophisticated and skilled, and this necessitates significantly raising the current security standards, especially for those who hold large sums.
Source: https://en.cryptonomist.ch/2025/02/24/the-exploiter-of-bybit-is-laundering-money-pump-fun-among-the-main-means/