The Lazarus Group of North Korea has laundered an additional 62,200 Ether, valued at $138 million, originating from the Bybit hack on February 21, on March 1 — with only 156,500 remaining to be transferred, noted a pseudonymous cryptocurrency analyst.
About 343,000 Ether (ETH) out of the 499,000 Ether taken in the $1.4 billion Bybit breach has been relocated, reported X user EmberCN, who anticipates the leftover funds will be cleared in the forthcoming three days.
The 343,000 Ether that has been moved represents 68.7% of the funds that were stolen — increased from 54% as of February 28.
Previously, EmberCN had indicated that laundering activities had diminished due to efforts from the US Federal Bureau of Investigation urging node operators, cryptocurrency exchanges, bridges, and others to block transactions associated with the Bybit hackers.
The Bybit hacker still possesses an additional $346 million of Ether to launder, should they decide to do so. Source: EmberCN
The FBI has shared 51 Ethereum addresses tied to, or associated with, the Bybit hackers, while blockchain analytics firm Elliptic has identified over 11,000 cryptocurrency wallet addresses potentially linked to them.
Chainalysis, a cryptocurrency forensics firm, stated the hackers had converted segments of the stolen Ether into Bitcoin (BTC), the Dai (DAI) stablecoin, and other assets via decentralized exchanges, crosschain bridges, and instant swap services without implementing Know Your Customer protocols.
One of those protocols involves THORChain, a crosschain asset swap protocol. The developers of this protocol have faced significant criticism for enabling a considerable portion of transfers executed by the North Korean hackers.
One developer of THORChain, known as “Pluto,” mentioned they would cease contributions to the protocol after a vote aimed at blocking transactions connected to North Korean hackers was overturned.
Related: Bybit hack forensics show SafeWallet compromise led to stolen funds
In a correspondence with Cointelegraph, the founder of THORChain, John-Paul Thorbjornsen, stated he no longer has a role in the crosschain protocol, while noting that none of the sanctioned cryptocurrency wallet addresses indicated by the FBI and the Treasury’s Office of Foreign Assets Control have interacted with the protocol.
The $1.4 billion Bybit hack on February 21 stands out as the most significant exploit in the cryptocurrency sector — more than doubling the losses incurred from the $650 million Ronin bridge compromise on March 23, 2022.
Magazine: MegaETH launch could save Ethereum… but at what cost?
