In the aftermath of the $1.5 billion Bybit hack, two blockchain research institutions—Nansen and Chainalysis—revealed the money laundering strategies of the Lazarus group, which included converting illiquid assets into liquid assets, creating complex fund flow trajectories, and keeping certain wallets idle to let the scrutiny cool down.
According to Nansen, the typical strategy of the Lazarus group is to first convert illiquid assets into more fungible and thus easier-to-transfer assets. After Bybit was hacked, the perpetrators converted at least $200 million worth of staked tokens into Ethereum (ETH), which is much easier to transfer on-chain.
Once the conversion from illiquid to liquid assets was completed, the money laundering process began. To obfuscate the trail, the hackers constructed complex fund flow trajectories using a series of intermediary wallets, aiming to confuse trackers. According to Chainalysis, the funds were laundered through decentralized exchanges, cross-chain bridges, and even instant exchange services that do not require "Know Your Customer" (KYC) verification.
The complexity of the Lazarus group's money laundering methods. Source: Chainalysis
Most of the Ethereum was eventually exchanged for Bitcoin (BTC) and stablecoins like Dai (DAI). In some cases, blockchain analysts were able to track these fund movements in real-time. This allowed some institutions running decentralized protocols, such as Chainflip, to prevent the perpetrators from laundering the stolen funds.
Throughout the laundering process, the hackers continuously split the stolen funds into smaller pools and sent them to an increasing number of wallets. In the first round of "transfers," funds were dispersed from one wallet to 42 wallets. In the second round of "transfers," funds were further dispersed from 42 wallets to thousands of wallets.
So far, the funds laundered from the Bybit theft are only a portion of the $1.5 billion stolen. The Lazarus group has another strategy to evade the heightened scrutiny triggered by such a high-profile theft: to remain still and wait patiently. Some wallets holding the stolen funds (currently totaling $900 million) have remained idle as the organization waits for external scrutiny to subside.
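For tracing teams, the dispersion rounds and the dormant wallets described above translate into two simple graph checks. The following is an added example, not code from Nansen, Chainalysis or the original article: it traces hop by hop from a seed wallet, measures how fast the wallet set grows, and lists traced wallets that still hold funds but have gone quiet. The wallet labels, amounts, hours and thresholds are constructed, and plain reachability is assumed as the taint rule, which over-counts when a wallet also receives unrelated funds.

```python
from collections import defaultdict

def build_sample():
    """Constructed transfers (hour, sender, receiver, amount); labels are not real addresses."""
    txs = [(0, "SEED", f"A{i}", 100.0) for i in range(4)]
    # A0..A2 each split onward to 5 wallets; A3 receives funds and never spends them.
    txs += [(1 + i, f"A{i}", f"B{i}_{j}", 20.0) for i in range(3) for j in range(5)]
    return txs

def trace_hops(txs, seed, max_hops=6):
    """Breadth-first trace: the set of newly reached wallets at each hop from seed."""
    out_edges = defaultdict(set)
    for _, src, dst, _ in txs:
        out_edges[src].add(dst)
    seen, frontier, hops = {seed}, {seed}, []
    while frontier and len(hops) < max_hops:
        frontier = {d for w in frontier for d in out_edges[w]} - seen
        if frontier:
            hops.append(frontier)
            seen |= frontier
    return hops

def fan_out_ratios(hops):
    """Growth factor of the wallet set between consecutive hops (hop 0 is the seed alone)."""
    sizes = [1] + [len(h) for h in hops]
    return [b / a for a, b in zip(sizes, sizes[1:])]

def idle_wallets(txs, seed, now, min_idle_hours, min_balance):
    """Traced wallets holding >= min_balance with no activity for min_idle_hours."""
    traced = set().union(*trace_hops(txs, seed))
    balance, last_seen = defaultdict(float), {}
    for ts, src, dst, amt in sorted(txs):
        balance[src] -= amt
        balance[dst] += amt
        last_seen[src] = last_seen[dst] = ts  # ascending order, so this ends as the latest hour
    return {w: balance[w] for w in traced
            if balance[w] >= min_balance and now - last_seen[w] >= min_idle_hours}

if __name__ == "__main__":
    txs = build_sample()
    hops = trace_hops(txs, "SEED")
    print("wallets per hop:", [len(h) for h in hops])
    print("fan-out ratios:", fan_out_ratios(hops))
    print("idle holders:", idle_wallets(txs, "SEED", now=48, min_idle_hours=24, min_balance=50.0))
```

A sharp jump in the per-hop ratio marks a dispersion round worth alerting on, and the idle list is the watchlist to re-check when those wallets move again.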
The amount involved in this nearly $1.5 billion theft exceeds the group's total theft earnings for the entire year of 2024—$1.3 billion from 47 attacks. This attack is the largest cryptocurrency theft in history, uniting the cryptocurrency community to support Bybit and collectively combat the hackers. As the Lazarus group faces increasing scrutiny, it continues to adjust its strategies. As reported by Cointelegraph, the group's cyber warfare strategies remain among the most profitable and sophisticated in the world.