The Lazarus Group has laundered stolen crypto from last week’s record-shattering Bybit hack through the exchange eXch, according to the blockchain research firm Elliptic.
Hackers looted nearly $1.5 billion worth of Ethereum (ETH) and Lido Staked Ether (stETH) from Bybit on Friday.
The attack represented the largest crypto hack ever and possibly the biggest heist in world history.
Elliptic, pseudonymous on-chain investigator ZachXBT and other researchers have pinned the exploit on the Lazarus Group, a prolific North Korean cybercriminal outfit known for numerous high-profile hacks on major crypto platforms.
In a new analysis, Elliptic notes that Lazarus’ money-laundering process typically follows the same steps. First, the group exchanges any stolen tokens for a native blockchain asset like Ethereum, because ETH can’t be frozen by a central authority.
Subsequently, the cybercriminal outfit “layers” the stolen funds through multiple wallets, exchanges, cross-chain bridges and crypto mixers to obfuscate the transaction trail.
Elliptic says that Lazarus is currently in the middle of the second step.
“Within two hours of the theft, the stolen funds were sent to 50 different wallets, each holding approximately 10,000 ETH. These are now being systematically emptied – as of 1pm UTC on February 24, 14.5% of the stolen assets (now worth $195 million) have been moved from these wallets.
Once moved out of these wallets, the funds are being laundered through various services, including DEXs (decentralized exchanges), cross-chain bridges and centralized exchanges.
However, one service has emerged as a major and willing facilitator of this laundering. eXch is a cryptocurrency exchange, notable for allowing its users to swap cryptoassets anonymously. This has led them to being used to exchange hundreds of millions of dollars in crypto assets derived from criminal activity, including multiple thefts perpetrated by North Korea. Despite attempting to conceal this activity, our analysis shows that since the hack, crypto assets stolen from Bybit worth over $75 million have been exchanged using eXch. Despite direct requests from Bybit, eXch has refused to block this activity.”
Over the weekend, eXch took to the BitcoinTalk forum to deny claims it was laundering crypto for Lazarus, though it did cop to processing an “insignificant” portion of the stolen Bybit funds.
“1. eXch is NOT laundering money for Lazarus/DPRK (North Korea).
2. The insignificant portion of funds from the ByBit hack eventually entered our address 0xf1da173228fcf015f43f3ea15abbb51f0d8f1123 which was an isolated case and the only part processed by our exchange, fees from which we will be donated for the public good.
3. Any claims by ZachXBT and others on Twitter regarding transactions not related to 0xf1da173228fcf015f43f3ea15abbb51f0d8f1123 that are falsely attributed to eXch are a targeted FUD attack on our exchange.”
Bybit CEO Ben Zhou says the firm has restored a 1:1 backing on all client assets after the record-setting hack, and the Dubai-based exchange announced a full restoration of services on Saturday.