North Korea's Lazarus finishes laundering $1B+ in less than two weeks


It took less than two weeks for the North Korean state-sponsored hacking group Lazarus to launder more than $1 billion worth of ethereum (ETH) and its derivatives, stolen from the Bybit crypto exchange, analysts claim. However, there is still hope of recovering some of the funds.

Analysts from Lookonchain, Nansen, and Arkham confirmed that the criminals had emptied their wallet containing the stolen funds, which were worth nearly $1.5 billion at the time. The laundering operation was facilitated mostly by the decentralized exchange THORChain, which has recently run into financial problems.

On March 4th, Ben Zhou, the CEO of Bybit, said that out of almost 500,000 stolen ETH and its derivatives, which would now be worth around $1.09 billion, 77% are still traceable, 20% have gone dark, and 3% have been frozen.

Eighty-three percent of the stolen ETH has been converted into bitcoin (BTC) across 6,954 wallets.

"This and the coming week are critical for fund freezing as the funds will start to clear at exchanges, [over-the-counter] and [peer-to-peer]," Zhou said, also noting that the hackers mostly used THORChain to swap ETH for BTC.

Some of the stolen ETH went dark through the ExCH crypto exchange, which engaged in a public spat with Bybit right after the hack. According to Zhou, hackers also used a proxy of the OKX crypto exchange.

The President of OKX, Hong Fang, chimed in saying that the company has been "continuously updating our blacklist addresses."

"For self-custody wallets, all on-chain transactions should be traceable," she added.

The CEO of Bybit added that bounty hunters have also helped freeze some of the funds, with more than $2 million in bounties already paid. According to the LazarusBounty.com website, 19 bounty hunters are currently registered.

In the first days after the hack, an Arkham analyst claimed that "The Bybit Hacker is making 2-3 transactions per minute and stops every 45 minutes for a 15-minute break. They move ETH from one address at a time before moving on to the next one."

"Did Lazarus get an intern to wash their funds manually?" they asked back then.