Blockchain Analytics Update on Bybit Hack

Blockchain analytics company Elliptic has revealed that the group behind the Bybit hack has started laundering funds. In an update to its February 23 report, the firm stated the Lazarus Group, responsible for the hack, is laundering funds using Bitcoin mixers.

According to Elliptic, the Lazarus Group is employing Cryptomixer and Wasabi Wallet to clean the stolen funds, which were previously converted to Bitcoin through the eXch exchange. This action seems to be a final step in the hackers’ process of obscuring their theft of $1.4 billion.


Elliptic reported:
> “As with other North Korea-linked thefts, this bitcoin has now begun to be passed through mixers to further obfuscate the transaction trail. This process has just begun, but stolen assets worth hundreds of thousands of dollars have already been sent through Cryptomixer and Wasabi Wallet.”

The choice of mixers may surprise some, yet it underscores the expertise of North Korean hackers, whom Elliptic calls the “most sophisticated and well-resourced launderers of crypto assets.” Their methods reveal a trend among criminals to convert stolen assets into Bitcoin and utilize various techniques to make these assets untraceable.

Cryptomixer has been operational since 2016 and functions as a centralized mixer allowing users to pool their assets, which are then withdrawn using different addresses. Despite its longevity, Cryptomixer has managed to evade law enforcement scrutiny.

On the other hand, Wasabi Wallet is not a typical mixing service. It is a non-custodial privacy wallet utilizing Coinjoin transactions to conceal transaction trails. Historically, Wasabi has been used by bad actors, including Chinese spies paying bribes to a US double agent, as noted in Elliptic’s 2022 report.

Currently, only hundreds of thousands have been laundered through these mixers, but crypto investigators are diligently tracking the money trail to thwart the hackers from cashing out.

Extra $43K in Bybit Money Frozen on OKX

Efforts to recoup as much of the Bybit funds from the perpetrators are ongoing, with hackers attempting to convert stolen assets into cash on centralized exchanges. Recently, on-chain investigator ZachXBT reported that $43,000 related to the hack has been frozen on OKX, thanks to collaborative efforts with the OKX team.

Though this amount seems minimal in light of the total stolen, it reflects the crypto community’s cooperative approach to tracing and recovering stolen funds. Elliptic is actively following the trail, along with Web3 forensics company zeroShadow, in tracking and freezing the illicit assets.

To date, they have successfully frozen over 3% of the stolen assets—approximately $50 million—though around 20% of the funds ($280 million) have reportedly become untraceable, showcasing the hackers’ effectiveness in concealing their transaction paths.