Bybit Hacker Launders Over 50% of Stolen Funds
The Bybit exploiter has managed to launder over half of the stolen funds within a week of hacking the exchange, despite onchain analysts exposing their identity.
Centralized crypto exchange Bybit suffered a massive exploit on February 21, resulting in over $1.4 billion in stolen crypto, marking the largest hack in crypto history.
According to blockchain intelligence firm Lookonchain, the hacker has already laundered over $605 million worth of Ether (ETH), representing more than 54% of the stolen funds. In a post on X (formerly Twitter) on February 28, Lookonchain reported:
“So far, the #Bybit hacker has laundered 270K $ETH ($605M, 54% of the stolen funds) and still holds 229,395 $ETH ($514M).”
North Korea’s Lazarus Group Behind the Attack
Multiple blockchain analytics firms, including Arkham Intelligence, have identified North Korea’s Lazarus Group as the primary culprit behind the Bybit exploit.
The attackers utilized the cross-chain asset swap protocol THORChain to move the stolen funds. Following the Bybit hack, THORChain’s swap volume surged past $1 billion, as reported on February 27.
This rapid increase in activity has raised concerns about THORChain’s role in facilitating illicit financial flows.
THORChain Developer Resigns Amid Growing Controversy
The involvement of THORChain in the laundering of stolen funds has sparked significant controversy within the crypto industry. Some experts have criticized the protocol’s privacy-preserving features for enabling illicit transactions by North Korean hackers.
Following a community vote to block transactions linked to North Korean hackers, which was later overturned, one of THORChain’s core developers, known as “Pluto,” announced their resignation.
“Effectively immediately, I will no longer be contributing to THORChain,” Pluto stated in a February 27 post on X.
Despite resigning, Pluto mentioned they would remain available to ensure a smooth transition of responsibilities.
FBI and Industry Experts Call for Action
The FBI has urged crypto validators and exchanges to take immediate action to block the Lazarus Group’s access to laundering funds. This follows earlier reports confirming North Korea’s involvement in the Bybit hack.
Meanwhile, THORChain’s founder, John-Paul Thorbjornsen, has distanced himself from the ongoing controversy. Speaking to Cointelegraph, he stated that sanctioned wallet addresses listed by the FBI and the US Treasury’s Office of Foreign Assets Control (OFAC) have never interacted with THORChain.
“The actor is simply moving funds faster than any screening service can catch. It is unrealistic to expect these blockchains to censor, including THORChain,” Thorbjornsen explained.
As investigations continue, the Bybit exploit has ignited fresh debates about the challenges of regulating decentralized finance and the responsibility of blockchain protocols in preventing illicit activities.
