The $1.46 billion hack of Bybit has now entered a critical phase as North Korea’s Lazarus Group begins laundering the stolen funds. According to blockchain intelligence firm Elliptic, the hackers have already moved $140 million in crypto, using decentralized exchanges and anonymous platforms to obscure their trail.
With Bybit users withdrawing billions from the exchange, experts believe the next step could involve Bitcoin mixers, a common tactic used by Lazarus in past cyber heists.
How the Stolen Funds Are Being Laundered
Elliptic’s latest report outlines the systematic approach taken by the hackers:
- Funds initially distributed across 50 wallets, each holding 10,000 ETH.
- Stolen tokens like stETH and cmETH were converted to Ethereum using DEXs to avoid asset freezes.
- Ethereum holdings are now being steadily converted to Bitcoin via anonymous exchanges like eXch, which has allegedly processed “tens of millions of dollars” in stolen assets.
Elliptic warns that if previous patterns hold, the next step could involve Bitcoin mixers to further hide the money trail. However, due to the sheer size of stolen assets, this step may prove more challenging.
Bybit Faces $6B in Outflows Amid Crisis
As a result of the hack, Bybit is facing immense pressure, with investors rushing to withdraw funds:
📉 Bitcoin reserves in Bybit’s hot wallet plunged from 70,000 BTC to just over 52,000 BTC—a $1.7 billion outflow since Friday.
📉 Total withdrawals from Bybit across various crypto assets have exceeded $6 billion.
eXch Accused of Facilitating Money Laundering
Blockchain researchers, including ZachXBT, have linked eXch to the laundering process, despite Bybit’s direct requests to block transactions.
- Elliptic claims eXch has ignored Bybit’s calls to freeze stolen funds.
- In an emailed response, eXch accused Bybit of making “direct attacks” on its reputation, implying that collaboration was unlikely.
- eXch denied allegations of laundering, claiming that any funds processed from the Bybit hack were an “insignificant part” and would be donated to open-source privacy initiatives.
Lazarus Group’s Long History of Crypto Crimes
The Lazarus Group has stolen over $3 billion in crypto assets since 2017, reportedly funding North Korea’s missile program, according to a 2023 UN report.
This latest attack on Bybit surpasses the $611 million Poly Network hack of 2021, making it the largest crypto theft in history.
What’s Next?
With funds still being laundered and Bybit facing major withdrawals, authorities are closely watching whether Bitcoin mixers will be used next. Elliptic and Arkham Intelligence continue to track the stolen assets, but with North Korea’s advanced laundering techniques, recovery efforts may face significant challenges.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Crypto markets are highly volatile—conduct thorough research before making financial decisions.
