Lazarus Group Accelerates Fund Transfers Following Bybit Hack

Hackers responsible for the $1.4 billion Bybit exploit have resumed laundering operations, moving another 62,200 Ether (ETH) on 1 March. The transfer, valued at approximately $138 million, brings the total amount moved to 343,000 ETH, leaving 156,500 ETH still to be laundered, according to crypto analyst EmberCN.

The theft, linked to North Korea’s Lazarus Group, saw 499,000 ETH stolen on 21 February. Analysts predict that the remaining funds could be moved within the next three days.

US Authorities’ Efforts to Block Transactions

The pace of laundering initially slowed following intervention from the United States Federal Bureau of Investigation (FBI). The agency called on node operators, cryptocurrency exchanges, and cross-chain bridges to block transactions tied to the exploiters.

On 28 February, the FBI publicly identified 51 Ethereum addresses linked to the hackers, urging the crypto community to take action. Blockchain analytics firm Elliptic also flagged over 11,000 crypto wallet addresses potentially associated with the group.

Despite these efforts, the hackers have successfully laundered 68.7% of the stolen funds, up from 54% just days earlier.

Use of Decentralised Platforms for Laundering

Crypto forensics firm Chainalysis reports that the hackers have been converting stolen Ether into Bitcoin (BTC), Dai (DAI), and other assets through decentralized exchanges, cross-chain bridges, and instant swap services that do not require Know Your Customer (KYC) verification.

One such platform, THORChain, has faced criticism for facilitating a significant portion of the illicit transfers. The platform’s developers have been under pressure to prevent transactions linked to the North Korean group.

A vote to block these transactions was recently reversed, prompting one of THORChain’s developers, known as “Pluto,” to resign. The protocol’s founder, John-Paul Thorbjornsen, has since distanced himself from the project, asserting that none of the sanctioned wallet addresses provided by the FBI and the US Treasury’s Office of Foreign Assets Control (OFAC) have directly interacted with the platform.

Largest Crypto Hack on Record

The Bybit hack remains the largest in cryptocurrency history, surpassing the $650 million Ronin Bridge exploit from March 2022. The rapid movement of funds highlights the ongoing challenge regulators face in curbing illicit activity in decentralized financial systems.

While authorities continue to track and block suspicious transactions, the speed at which funds are being laundered raises concerns about the effectiveness of current enforcement measures. Industry experts stress the need for stricter regulations and more robust monitoring mechanisms to prevent similar attacks in the future.