Blockchain security firm Elliptic has reported that the massive $1.46 billion stolen from Dubai-based crypto exchange Bybit is now being laundered, with hackers employing complex tactics to obscure their tracks.
According to a blog post by Elliptic, the attack, attributed to North Korea’s Lazarus Group, follows a familiar pattern. Cybercriminals first convert stolen tokens into blockchain-native assets like Ethereum (ETH) before initiating a sophisticated layering process to mask their movements.
Since the hack occurred on February 21, the hackers have rapidly dispersed the funds across multiple wallets. Within two hours of the theft, approximately 500,000 ETH was transferred to 50 different wallets, each containing around 10,000 ETH. These wallets are being systematically drained, with at least 10% of the stolen assets already moved.
Elliptic warns that the next phase of laundering will likely involve using crypto mixing services such as Tornado Cash, which obscure transaction histories by blending illicit funds with legitimate ones. However, the sheer volume of assets involved could make this process challenging.
Hackers use techniques like decentralized exchanges, crosschain bridges, and multiple wallet transfers to obscure the origin of stolen funds. A crypto exchange named eXch has been criticized for allegedly enabling money laundering by allowing anonymous transactions and converting tens of millions in stolen assets. Despite requests from Bybit to intervene, eXch has reportedly not blocked this illicit activity.
The Bybit hack is now the largest crypto theft in history, surpassing the Poly Network breach in 2021 and the Ronin Network exploit in 2022. As investigators track the stolen funds, authorities and blockchain security firms remain on high alert for further laundering attempts.
On February 23, Bybit CEO Ben Zhou confirmed that the crypto exchange has fully restored its withdrawal system after suffering the largest hack in the industry’s 15-year history. He assured users that all pending withdrawals had been processed and that the platform operated normally.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
