Major Hack on Bybit Crypto Exchange Likely to Lead to Laundering Through Mixers
In a staggering incident that has captured the attention of the cryptocurrency community, approximately $1.46 billion in crypto assets was stolen from the Dubai-based Bybit exchange on February 21, making it the largest crypto heist to date. The massive scale of this theft dwarfs previous high-profile hacks, such as the $610 million taken in the Poly Network breach in 2021 and the $625 million taken from the Ronin Network in 2022.
Attributed to Lazarus Group
Blockchain security firm Elliptic has attributed the hack to North Korea’s notorious Lazarus Group, a cybercrime collective linked to state-sponsored activities. According to Elliptic’s analysis, there is a significant likelihood that the stolen funds will be laundered through privacy-enhancing technologies known as mixers, a common method employed by hackers to obscure transaction trails.
“If previous laundering patterns are followed,” Elliptic noted in a blog post, “we might expect to see the use of mixers next.” The firm cautioned, however, that laundering at this scale might pose unique challenges due to the sheer volume of stolen assets.
The Laundering Process
Elliptic detailed the process that the Lazarus Group typically follows to clean their stolen funds. Initially, the hackers exchange the stolen tokens for a native blockchain asset such as Ethereum (ETH). Following this exchange, they engage in a "layering" stage, which involves various techniques designed to conceal the origin of the funds.
These techniques include distributing stolen assets across numerous crypto wallets, utilizing cross-chain bridges to move funds to different blockchains, and deploying decentralized exchanges for asset conversion. Mixers like Tornado Cash are often included in these strategies, facilitating the obfuscation of the transaction trail.
Remarkably, within just two hours of the heist, the stolen crypto was funneled into 50 different wallets—each reportedly holding around 10,000 ETH. Current reports suggest that these wallets are being systematically emptied, with Elliptic indicating that at least 10% of the stolen assets have already been transferred from these locations.
eXch Exchange Under Scrutiny
Elliptic has also identified a particular crypto exchange, eXch, as a “major and willing facilitator” of the laundering process. The report stated that despite direct requests from Bybit to block the activity, eXch has continued to allow the conversion of stolen assets worth tens of millions of dollars. However, eXch has rejected the accusations of laundering, publicly denying involvement with the Lazarus Group.
Historical Context of Lazarus Group’s Activities
The Lazarus Group has a history of laundering operations, successfully cleaning over $200 million worth of stolen cryptocurrency from 2020 through 2023. Their typical methods include using mixers and peer-to-peer (P2P) marketplaces. Nevertheless, a report from Chainalysis noted a shift in strategy, suggesting a decline in the use of mixers by criminal organizations like Lazarus in favor of leveraging cross-chain bridges for money laundering.
Bybit’s Response
In response to the hack, Bybit’s CEO, Ben Zhou, announced on February 24 that the platform has fully replaced the $1.4 billion worth of ETH that was stolen from its users. Zhou further indicated that a new audited proof-of-reserve report would be made available soon, aimed at restoring confidence among users and stakeholders following the unprecedented breach.
As the situation develops, the cryptocurrency community remains watchful, aware of the ongoing challenges posed by cybercriminal activities and the tactics being employed to navigate the evolving landscape of digital asset security.