ZachXBT attributes LiFi volume spike to North Korea money laundering following Bybit hack incident
A Lowdown on Crypto Laundering: North Korean Hackers in the Spotlight
Suspicions swirl that crypto laundering by North Korean hackers may account for a significant chunk of LiFi Protocol's activity.
LiFi Protocol has lately been in the limelight for its skyrocketing figures. However, investigator ZachXBT has raised eyebrows, suggesting that a significant portion of the cross-chain bridge's volume might be tied to North Korean hackers laundering funds from the Bybit hack.
On June 3, ZachXBT shared LiFi Protocol's record-breaking performance, showcasing a staggering $3 billion in volume and 4.37 million executed transactions in May. Over 510,000 unique users were also on the platform, according to the founder, Arjun Chand.
Yet, ZachXBT pointed out that the founder didn't delve into the likely reason behind the rise in activity. According to the investigator, the primary driver was money laundering linked to recent North Korean hacks.
"Fancy cross-chain bridges boasting record usage? Guess where the activity comes from," ZachXBT mused.
North Korean Hackers: The Shadowy Masterminds
The focus has been on the Bybit hack, where the crafty tactics of North Korean hackers have been on full display. These hackers run complex operations to mask the source of the funds, which results in heightened network activity.
"Usage gets overstated because they repeatedly chain hop back and forth to obfuscate movements," ZachXBT states. He further suggests that North Korean hackers might have accounted for 15-25% of LiFi Protocol's activity during the period under scrutiny.
Transactions on the blockchain are technically transparent, but laundering tactics such as frequent chain-hopping, token swaps, and scattering funds across thousands of wallets can make tracing the origin of funds almost impossible.
By the end of May, over half of the stolen $1.4 billion in the Bybit heist was untraceable on-chain, hinting at successful laundering.
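The overstatement caused by repeated chain hopping, described above, can be measured from bridge transfer records. The sketch below is an added example, not code from the article, ZachXBT or LiFi; the `Transfer` schema, the linking thresholds (`max_gap`, `tolerance`, `min_hops`) and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:          # hypothetical schema for one bridge transfer
    tx: str
    ts: int              # unix seconds
    src_chain: str
    dst_chain: str
    sender: str
    recipient: str
    usd: int

def link_hops(transfers, max_gap=3600, tolerance=0.05):
    """Chain transfers where the next hop leaves the chain/address the previous
    hop landed on, within max_gap seconds, carrying about the same value."""
    chains, tails = [], {}   # tails: (chain, address) -> hop chain that ended there
    for t in sorted(transfers, key=lambda x: x.ts):
        chain = tails.get((t.src_chain, t.sender))
        prev = chain[-1] if chain else None
        if prev and t.ts - prev.ts <= max_gap and abs(t.usd - prev.usd) <= tolerance * prev.usd:
            del tails[(t.src_chain, t.sender)]
            chain.append(t)
        else:
            chain = [t]
            chains.append(chain)
        tails[(t.dst_chain, t.recipient)] = chain
    return chains

def hop_report(transfers, min_hops=3):
    """Flag chains that revisit a network and show how much they inflate volume."""
    flagged = []
    for c in link_hops(transfers):
        visited = [c[0].src_chain] + [t.dst_chain for t in c]
        if len(c) >= min_hops and len(set(visited)) < len(visited):
            flagged.append(c)
    gross = sum(t.usd for t in transfers)
    hopped = sum(t.usd for c in flagged for t in c)
    principal = sum(c[0].usd for c in flagged)   # the same funds, counted once
    return {"gross_usd": gross, "hop_usd": hopped, "hop_share": hopped / gross,
            "deduplicated_usd": gross - hopped + principal,
            "flagged": [[t.tx for t in c] for c in flagged]}

# Constructed sample: one fund hopping back and forth, plus two ordinary users.
SAMPLE = [
    Transfer("h1", 1000, "ethereum", "arbitrum", "0xA1", "0xA2", 100000),
    Transfer("h2", 1600, "arbitrum", "ethereum", "0xA2", "0xA3", 99500),
    Transfer("h3", 2200, "ethereum", "base", "0xA3", "0xA4", 99000),
    Transfer("h4", 2800, "base", "arbitrum", "0xA4", "0xA5", 98500),
    Transfer("u1a", 500, "ethereum", "base", "0xU1", "0xU1", 200000),
    Transfer("u1b", 432500, "base", "ethereum", "0xU1", "0xU1", 200000),  # days later
    Transfer("u2", 1200, "arbitrum", "ethereum", "0xU2", "0xU2", 203000),
]
```

In the sample, the four linked hops move roughly $100,000 of principal but register as $397,000 of bridge volume, while the ordinary user who bridges back five days later is not linked into a hop chain.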
The Morphing Methods of North Korean Hackers
North Korean hackers, notably those associated with the Lazarus Group, have been wielding sophisticated tactics for cryptocurrency laundering. Here's a lowdown on their current approaches, emphasizing the Bybit hack and broader trends:
1. Using Meme Coins
Lazarus Group has been making waves with meme coins. They have leveraged platforms like Solana's pump.fun to create meme coins and launder millions through these coins[3]. Meme coins' speculative nature and ease of manipulation on social media platforms make them attractive for laundering.
2. Social Engineering and Identity Disguise
The hackers have perfected social engineering techniques, often impersonating foreign nationals, such as IT workers from countries like Canada or Japan, to infiltrate crypto companies[1]. They create fake credentials and resumes to secure employment in tech and crypto firms, allowing access to valuable information and systems[1].
3. Phishing and Supply Chain Attacks
Phishing is a common method to gain sensitive information, such as private keys or seed phrases[1]. The hackers also exploit vulnerabilities in the supply chain of crypto companies, often through advanced infrastructure hacks[1].
4. Crypto Mixers and DeFi Protocols
North Korean hackers frequently use crypto mixers like Tornado Cash to jumble the origin of stolen funds[3]. They also use decentralized finance (DeFi) protocols to further complicate the laundering process by routing funds through multiple platforms to obscure their trail[3].
5. Instant Exchanges and Privacy Coins
Hackers quickly convert stolen cryptocurrencies into different assets using instant exchanges, making tracking more challenging. They also convert funds into privacy coins like Monero (XMR), capitalizing on their untraceable nature[5].
The Bybit Hack: Adapting and Overcoming
While specific details on how the Bybit hack was laundered are scarce, it's evident that the grand scale of the theft required North Korean hackers to adapt and devise new methods to move funds without detection. The use of meme coins and other tactics mentioned above form part of this wider strategy[3].
Concerning LiFi Protocol, there is no solid evidence connecting it directly to North Korean laundering methods. However, the general strategies outlined can be extrapolated across various crypto platforms.
- ZachXBT's investigations suggest that North Korean hackers might have been involved in a significant portion of LiFi Protocol's activity, raising concerns about crypto laundering.
- The Bybit hack, masterfully orchestrated by North Korean hackers, showcases their deft ability to mask the source of funds, leading to heightened network activity.
- North Korean hackers have leveraged meme coins, social engineering, phishing, supply chain attacks, crypto mixers, DeFi protocols, and instant exchanges to launder cryptocurrency effectively.
- By the end of May, over half of the stolen $1.4 billion in the Bybit heist was untraceable on-chain, indicating successful laundering techniques employed by North Korean hackers.
- The focus on North Korean hackers' tactics in crypto laundering is crucial to enhancing cybersecurity measures, particularly in the context of the growing use of technologies such as blockchain, wallets, DEXs, and ICOs in the crypto space.