The Ingenious Laundering of the Bybit Hack: A $1.39 Billion Case Study

The hacker responsible for the staggering $1.39 billion exploit of Bybit has successfully laundered all 499,000 ETH in just ten days, demonstrating alarming ingenuity and the potential vulnerabilities within decentralized finance (DeFi) protocols.

Despite ongoing scrutiny from blockchain analytics firms, law enforcement agencies, and various crypto exchanges, the attacker managed to move the stolen funds with remarkable efficiency, highlighting the challenges that hamper recovery efforts in the evolving landscape of cryptocurrency.

Laundering Details

On-chain analytics platform EmberCN took on the task of tracking the stolen funds soon after they were siphoned. The firm disclosed on February 25 that the hacker had successfully laundered more than 89,000 ETH, worth approximately $224 million, within just 60 hours.

Continuing their rapid cleaning spree, the attacker washed an additional 45,900 ETH, valued at around $113 million, the following day, elevating the total laundered amount to 135,000 ETH. A pattern emerged as the attacker repeated the laundering process on February 27, swapping 71,000 ETH with a market value of nearly $170 million.

At that point, merely four and a half days after the attack, the perpetrator had converted an impressive 206,000 ETH into other crypto assets, averaging about 45,000 ETH daily. However, with 292,000 ETH (around $685 million) still on their hands, the attacker persisted relentlessly in their laundering efforts.

According to EmberCN’s analysis, by February 28, the criminal had managed to add another 59,800 ETH to their laundered loot, pushing the total to 266,000 ETH, with 233,000 remaining. Interestingly, on March 1, the hacker seemed to take a breather, processing only a modest 14,300 ETH, valued at $32.2 million. However, they resumed with renewed vigor the next day, converting 62,200 ETH, ultimately leading to a report from EmberCN on March 4 that all the remaining funds had been laundered.

Bybit’s Take

In a notable divergence from EmberCN’s account, Bybit CEO Ben Zhou provided insights in an X post, indicating that approximately 83% of the stolen funds (valued at nearly $1 billion) had been converted into Bitcoin (BTC), distributed across almost 7,000 wallets.

Zhou observed that 20% of the total missing amount cannot be traced, while 3% has been frozen. He said that a significant portion of the untraceable funds, totaling about 79,655 ETH, was laundered through the eXch exchange.

FBI investigations have linked the attacker to North Korea’s notorious Lazarus Group. Another 40,233 ETH was processed via OKX’s web3 wallet. On-chain detectives have managed to trace approximately 16,680 ETH thus far, leaving the remaining amount seemingly lost unless OKX provides further information to Bybit.

Zhou also pinpointed THORChain as the primary platform employed for laundering, estimating that over 361,000 ETH, equivalent to more than $900 million, were swapped using this cross-chain liquidity protocol.

The complexity and speed of this laundering operation raise essential questions about the security and resilience of decentralized finance ecosystems. As cybercriminal tactics evolve, the crypto community must adapt and innovate continuously, fostering greater transparency and security in the digital realm.

The full report can be found in the article titled Bybit Hacker Reportedly Launders Entire $1.4B Loot in Just 10 Days, originally published on CryptoPotato.
