The $1.4 billion Bybit hack, the largest crypto heist in history, has entered a critical phase as stolen funds are likely being laundered through crypto mixers, according to blockchain security firm Elliptic. This development raises serious concerns about illicit fund tracing, regulatory responses, and the effectiveness of security measures in the crypto space.
Elliptic: Hackers Likely Turning to Mixers to Obscure Trails
In its latest report, Elliptic attributed the hack to North Korea’s Lazarus Group, a notorious cybercrime syndicate responsible for hundreds of millions in stolen digital assets over the years. Based on historical laundering tactics, Elliptic believes that mixers may be the next step in concealing the transaction trail.
“If previous laundering patterns are followed, we might expect to see the use of mixers next,” the report states. However, due to the sheer volume of stolen assets, obfuscating the movement of $1.4 billion worth of crypto could prove challenging.
Inside the Lazarus Group’s Laundering Playbook
The Lazarus Group follows a distinct laundering process, Elliptic noted:
- Exchanging stolen tokens for native blockchain assets, such as ETH.
- Layering funds by distributing them across a complex web of wallets and services to disguise their origin.
- Utilizing cross-chain bridges, decentralized exchanges, and mixers like Tornado Cash to further obscure the money trail.
Elliptic’s Feb. 23 blog post revealed that the hackers are now in the second stage, where they systematically move assets to disrupt forensic tracking efforts. Within two hours of the heist, the stolen funds were distributed across 50 different wallets, each containing roughly 10,000 ETH.
Since then, these wallets have been systematically emptied, with at least 10% of the stolen assets already on the move.
eXch Allegedly Facilitating Stolen Fund Laundering
Elliptic further claims that eXch, a crypto exchange known for anonymous asset swapping, has played a key role in laundering tens of millions of dollars from the Bybit hack. The firm alleges that eXch refused to block illicit transactions, despite direct requests from Bybit.
In response, eXch vehemently denied laundering money for Lazarus Group, stating in a Feb. 23 forum post that it was not involved in illicit activities.
Are Criminals Moving Away from Mixers?
While mixers have traditionally been a go-to tool for laundering stolen funds, blockchain intelligence firm Chainalysis has reported a decline in their usage by criminal groups, including Lazarus. Instead, cybercriminals are increasingly using cross-chain bridges to move illicit funds across different blockchain ecosystems.
However, ZachXBT, a renowned blockchain investigator, found that Lazarus successfully laundered over $200 million in stolen crypto between 2020 and 2023, primarily through mixers and peer-to-peer (P2P) marketplaces.
Bybit’s Response and the Road to Recovery
Despite the attack, Bybit CEO Ben Zhou announced on Feb. 24 that the exchange has fully replenished the $1.4 billion worth of stolen Ether and will soon publish a new audited proof-of-reserve report. This move is expected to reinforce user confidence and showcase Bybit’s ability to recover from unprecedented financial attacks.
What This Means for Crypto Security
The Bybit hack underscores the evolving tactics of cybercriminal organizations and the urgent need for stronger security frameworks in crypto exchanges. As global regulators intensify scrutiny, exchanges will need to enhance compliance measures and collaborate with blockchain analytics firms to prevent future attacks.
With $1.4 billion in stolen funds still in circulation, the coming weeks will reveal whether law enforcement and blockchain forensics can track and intercept these assets or if they will vanish into the depths of crypto’s dark laundering channels.
