The massive $1.46 billion heist targeting Bybit has taken a new turn as North Korean hackers have begun laundering the stolen funds, according to blockchain intelligence firm Elliptic. In a blog post on Saturday, Elliptic revealed that over $140 million in stolen crypto has already been funneled through complex laundering techniques, aimed at obscuring the money trail and complicating recovery efforts.
Elliptic reported that the hackers are methodically moving the stolen funds through anonymous exchanges before converting them into Bitcoin—a strategy designed to make the assets significantly harder to trace.
“Lazarus Group has developed a powerful and sophisticated capability to not only breach target organisations and steal cryptoassets, but also to launder these proceeds through thousands of blockchain transactions.” Elliptic noted.
Within hours of the breach, the attackers dispersed the stolen assets—primarily Ethereum—across 50 separate wallets, each containing roughly 10,000 ETH. According to Elliptic, the funds are now being systematically withdrawn and converted into Bitcoin, a common laundering step used to further mask transaction trails.
The hackers initially converted various tokens like stETH and cmETH into standard Ethereum using decentralized exchanges. This move allowed them to sidestep potential asset freezes that might be enforced on derivative tokens, simplifying the laundering process. Converting illiquid or traceable tokens into more liquid, native blockchain assets like ETH is a known tactic frequently employed by Lazarus Group before initiating further obfuscation steps.
While blockchain analytics can still follow the flow of funds, these layering tactics create substantial obstacles, allowing the launderers valuable time to cash out before authorities catch up.
Largest Crypto Theft in History
The Bybit hack, which occurred on Friday through a sophisticated social engineering attack, has now become the largest crypto theft on record, surpassing the $611 million Poly Network hack in 2021. The majority of the stolen assets—primarily Ethereum—have raised alarms within the crypto community, particularly as the hackers employ increasingly advanced laundering techniques.
Blockchain investigators are racing against time to trace and potentially recover the funds, but with North Korea’s Lazarus Group suspected behind the attack, the challenges are immense. The group has a notorious history of executing large-scale cyber thefts and successfully laundering billions through similar methods.
The company is actively collaborating with blockchain forensic experts to trace the stolen funds and has initiated a recovery bounty program, offering up to 10% of the reclaimed assets to ethical hackers assisting in the effort.
Anonymous Exchange eXch Under Fire for Aiding Launder of Stolen Funds
As the investigations deepen, Elliptic, alongside on-chain sleuth ZachXBT, has spotlighted anonymous crypto exchange eXch for allegedly facilitating the laundering of tens of millions of dollars in the stolen assets. Despite direct requests from Bybit to block suspicious transactions, eXch has reportedly allowed the stolen Ethereum to be steadily converted into Bitcoin through its platform.
A purported email response from eXch, archived on X and cited by Elliptic, revealed that the exchange declined to cooperate with Bybit’s requests. In the email, eXch accused Bybit of launching “direct attacks on the reputation” of the exchange in the past, implying that past grievances influenced their decision to ignore the pleas to halt the laundering process.
Quick Facts:
- Approximately $1.5 billion in Ethereum was stolen from Bybit during a routine wallet transfer.
- At least 10% of the stolen assets are being laundered through anonymous exchange services, complicating recovery efforts.
- The heist highlights ongoing security challenges within the crypto sector, with over $2.2 billion stolen in 2024 alone.
