Following the $1.4 billion hack of the Bybit crypto exchange, the stolen crypto assets are likely to be laundered through mixers as hackers attempt to obscure the transaction trail. According to blockchain security firm Elliptic, which attributed the theft to North Korea’s Lazarus Group, this aligns with previous laundering patterns. However, the firm noted that the large volume of stolen assets may complicate the process.
The Feb. 21 hack targeted the Dubai-based Bybit exchange, marking the largest crypto heist in history. Elliptic explained that Lazarus Group typically exchanges stolen tokens for native blockchain assets like ETH as the first step in laundering. The group is now in the “second stage,” which involves layering stolen funds by transferring them through numerous wallets, crosschain bridges, decentralized exchanges, and mixers such as Tornado Cash.
Within two hours of the theft, the stolen funds were distributed to 50 wallets, each holding approximately 10,000 ETH. These wallets are now being systematically emptied, with at least 10% of the assets already moved. Elliptic highlighted that a service called eXch has emerged as a facilitator of the laundering, allowing anonymous swaps despite requests from Bybit to block the activity. eXch, however, denied involvement in laundering for Lazarus Group.
Between 2020 and 2023, Lazarus Group laundered over $200 million using mixers and peer-to-peer (P2P) marketplaces. While criminal groups like Lazarus have increasingly shifted to crosschain bridges, mixers remain a key tool. Meanwhile, Bybit CEO Ben Zhou announced on Feb. 24 that the exchange has fully replaced the stolen $1.4 billion in Ether and will soon release a new audited proof-of-reserve report.
— news from Cointelegraph