The notorious North Korean hacking syndicate, Lazarus Group, has begun laundering a portion of the 400,000 ETH stolen from Bybit in a devastating $1.4 billion crypto heist. This move raises fresh concerns over the effectiveness of blockchain tracking and the vulnerabilities that persist in the DeFi ecosystem.
Lazarus Group Sets Laundering in Motion
Blockchain investigator ZachXBT was the first to detect suspicious activity linked to the Bybit hack, identifying 5,000 ETH being funneled through a complex laundering operation. He shared key wallet addresses and timestamps in a Telegram update, which was later confirmed by Bybit CEO Ben Zhou in an X post. However, less than an hour later, ZachXBT deleted his post, fueling speculation about behind-the-scenes developments.

The stolen funds initially moved into a fresh Ethereum address before being processed through eXch, a centralized mixer often used to obscure on-chain transactions. The funds were then bridged to Bitcoin via Chainflip, a strategic step in Lazarus’ well-documented laundering playbook.
Bybit Sees a Surge in Deposits Amid Crisis
Despite the attack, Bybit has seen a dramatic $4 billion surge in deposits over the past 12 hours, according to data from SoSoValue and TenArmor. These inflows include:
- 63,168 ETH
- $3.15 billion in USDT
- $173 million in USDC
- $525 million in CUSD
A significant portion of these funds originated from Bybit’s cold wallets, moving into hot wallets to facilitate withdrawals and secure liquidity from external providers.
Bybit Hack Tied to Phemex Breach?
Adding another layer of intrigue, ZachXBT later posted on X, revealing an on-chain connection between the Bybit and Phemex hacks. According to his findings, a shared wallet address, 0x33d057af74779925c4b2e720a820387cb89f8f65, links the two breaches, suggesting Lazarus may have orchestrated both attacks as part of a larger campaign.
Bybit’s Ben Zhou swiftly addressed concerns, assuring users that withdrawals were back at full speed within 12 hours of the attack.
“12 hours from the worst hack in history. ALL withdrawals have been processed. Our withdrawal system is fully back to normal pace,” Zhou stated.
He also promised a full incident report and updated security measures in the coming days.
Crypto’s Biggest Heist in History
With $1.5 billion stolen, the Bybit hack now ranks as the largest crypto theft ever recorded, surpassing:
- $611 million from Poly Network (2021)
- $570 million from Binance (2022)
For years, Lazarus Group has targeted crypto exchanges to fund North Korea’s regime, refining their laundering tactics through mixers, cross-chain bridges, and obscure DeFi protocols.
In response, Elliptic, Chainalysis, and Arkham Intelligence have flagged the stolen ETH across 39 different wallet addresses, tracking its rapid movement. Arkham has even issued a $36K bounty for anyone who can expose the hacker’s identity. ZachXBT later won the bounty by confirming Lazarus’ involvement.
Can Crypto Security Keep Up?
In an effort to mitigate future risks, Elliptic’s Tom Robinson emphasized the need for stricter monitoring of illicit transactions.
While centralized exchanges have stepped up their security protocols, DeFi remains a critical loophole in the fight against crypto laundering. The Bybit hack serves as a stark reminder that crypto’s security infrastructure must evolve as fast as the attackers’ tactics.
The coming weeks will reveal whether Bybit’s promised security upgrades can restore trust and prevent another catastrophic breach.