Thief Liquidates 18% of Stolen $1.4 Billionfrom Bybit in 60 Hours
Speedy Laundering of Bybit's Stolen Crypto: A Breakdown
In a span of just 60 hours post the monumental Bybit heist, the attacker has already managed to launder a staggering 18% of the pilfered funds. Here's a no-nonsense guide to their fast-paced laundering techniques.
The crook seems to prefer THORChain for its cross-chain swaps, swiftly exchanging Ethereum (ETH) into other cryptocurrencies like Bitcoin (BTC)[1][3]. In a recent bold move, they've laundered around 89,500 ETH, worth approximately $224 million as of now[1]. This unwanted transaction represents roughly 18% of the nearly 500,000 ETH that were stolen during the Bybit incident[1].
Privacy-enhancing mixers like Wasabi, Tornado Cash, and Railgun were first used to mask the origin of the stolen funds[1][3]. Then, the obfuscated funds passed through cross-chain swaps via platforms such as THORChain, eXch, LiFi, Stargate, Lombard, and SunSwap[3][5]. It appears that approximately 84.5% of the stolen Ethereum was converted to Bitcoin using THORChain[1][3].
Once the funds were converted, they were scattered across over 35,000 wallets[1][5]. While a chunk of the funds remained on the Ethereum blockchain, the vast majority was converted to Bitcoin for further laundering[1]. The laundered Bitcoin was ultimately funneled into over-the-counter (OTC) and peer-to-peer (P2P) fiat exchange services, making it even more challenging to trace their origin[1][5].
Due to their swift pace, experts predict that the bad actor could convert the remaining coins into other cryptocurrencies, such as BTC and DAI, within the next fortnight[1].
Amidst this, the FBI has placed North Korean citizen Park Jin Hyok on a wanted notice, alleging his connection with the Lazarus Group, a cybercrime outfit associated with the Pyongyang administration[4]. The Lazarus Group has previously been believed to be behind various attacks on crypto platforms, including the $625 million Ronin Bridge heist in 2022 and the $100 million attack on Harmony Bridge in the same year[4].
In terms of recovery efforts, Bybit CEO Ben Zhou has reportedly announced a solution to track and recover the stolen funds. The platform has also released an API to enable blacklisting of suspicious wallets linked to the attack[5]. Various law enforcement authorities, cybersecurity companies, and industry experts are collaborating to track the hacker's moves and halt any further illicit conversions of the stolen money[5]. The platform has also engaged blockchain forensic firm zeroShadow to help trace and freeze the assets in real-time[5].
Interested in Free Crypto?- Binance: Register here to benefit from a $600 exclusive welcome offer.- Bybit Limited Time Offer for our website readers: Register now and open a $500 FREE position on any coin!
[1] [Source 1][2] Enrichment Data[3] [Source 2][4] [Source 3][5] [Source 4]
- The thief used THORChain for its cross-chain swaps, swiftly exchanging Ethereum into other cryptocurrencies like Bitcoin.
- In a recent transaction, around 89,500 ETH, worth approximately $224 million, was laundered using privacy-enhancing mixers and cross-chain platforms.
- The stolen Ethereum was ultimately funneled into over-the-counter and peer-to-peer fiat exchange services, making it even more challenging to trace their origin.
- Amidst this, the FBI has placed a North Korean citizen on a wanted notice for their alleged connection with a cybercrime outfit associated with the Pyongyang administration.
- The platform involved in the heist, Bybit, has announced a solution to track and recover the stolen funds, and has also engaged a blockchain forensic firm to help trace and freeze the assets in real-time.
