Blockchain forensic experts are raising alarms over the rapid laundering of funds from the recent Bybit hack, with evidence suggesting North Korea may have expanded its illicit financial operations.
According to a February 27 report from TRM Labs, nearly $400 million of the stolen $1.46 billion was laundered in just a few days. The hackers utilized a sophisticated network of intermediary wallets, decentralized exchanges, cross-chain bridges, and crypto swaps to obscure the movement of funds.
“This rapid laundering suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds,” the report stated.
North Korean-backed hacking groups typically use crypto mixers to conceal stolen funds, but the scale of the Bybit attack has forced them to adopt new strategies. Instead of relying on mixers, they’ve started dispersing funds across multiple wallets and decentralized platforms to complicate tracking. Initially, stolen Ethereum was moved through BNB Chain and Solana, but investigators now note that a significant amount has been converted to Bitcoin. Despite the swift movement of funds, much of the Bitcoin remains untouched, indicating the hackers may be preparing for large-scale liquidation via over-the-counter (OTC) networks.
The attack on Bybit was reportedly executed through a multi-stage process, with security experts pointing to Safe{Wallet} as a key vulnerability. The hackers allegedly compromised a Safe{Wallet} developer’s device and used social engineering tactics to trick Bybit’s wallet owner into authorizing a malicious transaction.
Further investigation confirmed the North Korean state-backed Lazarus Group as the perpetrator behind the February 21 Bybit exploit. In collaboration with investigator ZachXBT, Arkham Intelligence traced wallet connections to the group. Arkham offered a $31,500 bounty for information leading to the attackers’ identification, and ZachXBT conducted a forensic analysis that linked the exploit to previous actions by the Lazarus Group.