TLDR:
- Approximately $140 million, about 10% of the $1.46 billion lost by Bybit, is being laundered by North Korean hackers through untraceable exchanges and converted into Bitcoin.
- Bybit has offered a bounty of 10% of recovered funds (up to $140 million), while facing a wave of user withdrawals totalling roughly $6 billion.
- Coordinated action by exchanges and stablecoin issuers has frozen about $42.85 million of the diverted funds, with Tether blocking 181,000 USDT.
- Investigations by Elliptic and Arkham Intelligence attribute the breach to North Korea's Lazarus Group, identified by its characteristic laundering techniques.
- The anonymous swap platform eXch moved millions in stolen funds despite Bybit's requests to block the activity, citing past reputational disputes between the two firms.
North Korean hackers have begun laundering the proceeds. About $140 million of the $1.46 billion taken in the Bybit incident is already being laundered, marking the start of what may be a protracted phase of the largest theft on record.
Elliptic's report on Saturday found that the stolen funds are moving through anonymous platforms and being converted to Bitcoin, complicating tracing and recovery efforts.
After the theft, the hackers spread the funds across about 50 wallets, each holding close to 10,000 ETH; these are now being progressively drained as the assets are converted to Bitcoin.
The laundering began with the stolen tokens, such as stETH and cmETH, being swapped into Ethereum via decentralized exchanges, consistent with the Lazarus Group's usual practice of first converting to blockchain-native assets before obscuring the trail further.
Both Elliptic and Arkham Intelligence link the incident to North Korea's Lazarus Group, noting the use of decentralized exchanges together with cross-chain bridges and coin-swap platforms. Since 2017, the group's crypto thefts have netted over $3 billion, allegedly funding North Korea's missile programs.
Bounty Offered
In response to the theft, Bybit announced early Saturday a reward of 10% of recovered funds (up to $140 million) for any on-chain security specialists who help with recovery, as the exchange handles climbing user withdrawal demands.
Arkham Intelligence reports an outflow of around 23,000 BTC from Bybit's active wallet since the incident, taking its Bitcoin balance from 70,000 BTC to a little over 52,000 BTC, roughly $1.7 billion since Friday evening.
Broader analysis shows Bybit has processed around $6 billion in total withdrawals across various cryptocurrencies, reflecting the scale of the user reaction to the breach.
eXch has emerged as a notable conduit in the laundering, moving tens of millions despite Bybit's requests to stop; the platform rebuffed those requests in an email citing past reputational disputes between the two firms.
In a forum post on Sunday, eXch denied involvement in the Lazarus Group's laundering, stating that an 'insignificant portion of funds' processed from the Bybit event would be directed to various open-source security and privacy projects.
A coordinated industry response has led to the freezing of $42.85 million in stolen assets across multiple platforms: THORChain blacklisted several addresses linked to North Korea's hacker group, while ChangeNow froze 34 ETH ($97,000) held in related addresses.
The Avalanche network secured 0.38755 BTC ($37,124), and FixedFloat, a Lightning Network-based exchange, froze 120,000 in USDC and USDT stablecoins. In parallel, stablecoin issuers including Tether blocked 181,000 USDT.
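As an added illustration (not code from the article, from Elliptic or from Arkham Intelligence), here is a small Python model of the defensive mechanics this story turns on: tracing taint forward from a known theft address across asset swaps, spotting the fan-out of one balance into many near-equal wallets, and screening an incoming deposit before it is credited, which is the decision behind the freezes listed above. The ledger, addresses, amounts and the two thresholds are constructed assumptions for the demonstration.

```python
"""Toy on-chain tracing and address-screening demo on a constructed ledger.

Added example, not from the article or from any analytics vendor. Every
address, transfer and threshold below is made up for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Transfer:
    tx: str
    src: str
    dst: str
    asset: str
    amount: float


# Constructed ledger: the theft address swaps stETH to ETH through a DEX pool,
# fans the ETH out to five layering wallets in near-equal chunks, one layering
# wallet swaps to BTC and deposits at an exchange; an unrelated user (0xALICE)
# deposits at the same exchange.
LEDGER = [
    Transfer("t1", "0xBYBIT_COLD", "0xTHIEF", "stETH", 400_000),
    Transfer("t2", "0xTHIEF", "0xDEX_POOL", "stETH", 400_000),
    Transfer("t3", "0xDEX_POOL", "0xTHIEF", "ETH", 395_000),
    *[Transfer(f"t{4 + i}", "0xTHIEF", f"0xLAYER{i}", "ETH", 78_800 + 100 * i)
      for i in range(5)],
    Transfer("t9", "0xLAYER2", "0xSWAP_SVC", "ETH", 30_000),
    Transfer("t10", "0xSWAP_SVC", "0xLAYER2", "BTC", 800),
    Transfer("t11", "0xLAYER2", "0xEXCHANGE_DEPOSIT_A", "BTC", 120),
    Transfer("t12", "0xALICE", "0xEXCHANGE_DEPOSIT_B", "BTC", 1),
]

FANOUT_MIN = 4       # assumption: 4+ near-equal splits to distinct wallets is suspicious
SIMILARITY = 0.10    # assumption: amounts within 10% of their mean count as "similar"


def build_graph(ledger):
    """Adjacency list keyed by sending address."""
    out = defaultdict(list)
    for t in ledger:
        out[t.src].append(t)
    return out


def tainted_addresses(ledger, seeds, max_hops=6):
    """Forward taint propagation (BFS) from known theft addresses.

    Returns {address: hop distance from the nearest seed}. Taint is carried
    across asset swaps, so stETH -> ETH -> BTC hops through a DEX or swap
    service are followed just like plain transfers. This is deliberately
    conservative: a shared DEX pool would taint everyone it later pays.
    """
    out = build_graph(ledger)
    seen = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if seen[addr] >= max_hops:
            continue
        for t in out.get(addr, []):
            if t.dst not in seen:
                seen[t.dst] = seen[addr] + 1
                queue.append(t.dst)
    return seen


def fanout_events(ledger, fanout_min=FANOUT_MIN, similarity=SIMILARITY):
    """Flag (source, asset) pairs that split into many near-equal outgoing
    transfers to distinct destinations, the "~50 wallets of ~10,000 ETH"
    layering pattern. Returns {source: (asset, split_count, mean_amount)}.
    """
    groups = defaultdict(list)
    for t in ledger:
        groups[(t.src, t.asset)].append(t)
    flagged = {}
    for (src, asset), ts in groups.items():
        if len({t.dst for t in ts}) < fanout_min:
            continue
        m = mean(t.amount for t in ts)
        similar = [t for t in ts if abs(t.amount - m) <= similarity * m]
        if len({t.dst for t in similar}) >= fanout_min:
            flagged[src] = (asset, len(similar), round(m, 2))
    return flagged


def screen_incoming(ledger, seeds, tx_id):
    """What an exchange or issuer checks before crediting a deposit: is the
    sending address inside the taint set, and how many hops from the theft?
    A hit is a freeze decision for a compliance analyst, not an automatic seizure.
    """
    t = next(x for x in ledger if x.tx == tx_id)
    hops = tainted_addresses(ledger, seeds).get(t.src)
    return {"tx": tx_id, "sender": t.src, "freeze": hops is not None, "hops": hops}


if __name__ == "__main__":
    print("fan-out:", fanout_events(LEDGER))
    for tx in ("t11", "t12"):
        print("screen:", screen_incoming(LEDGER, ["0xTHIEF"], tx))
```

The fan-out check fires on the theft address splitting its ETH five ways, and the screening step freezes the deposit from a layering wallet (one hop from the seed) while leaving the unrelated user's deposit alone. Real analytics platforms refine the taint model considerably (proportional rather than binary taint through shared pools, per-asset decay, known-service clustering), but the two decisions an exchange has to make are the same ones modelled here.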
To tighten security, Bybit is working with Pump.fun and Solana Foundation President Lily Liu to remove a Solana-based token connected to hacking groups. On-chain records suggest the Lazarus Group is moving assets onto Solana and using fake KYC data to get onto exchanges.
Bybit has warned users about scammers posing as official representatives to extract personal data, stressing that it never directly requests personal credentials, deposits, or passwords.
Ethereum community members are debating a blockchain rollback to undo the hackers' transfers, though no formal proposal has been made.
Based on previous laundering patterns, Elliptic expects mixers may be used to obscure the flow of proceeds further, although the sheer volume of stolen funds may make that difficult.