The Bybit exploiter managed to launder over 50% of the stolen funds within a week since it hacked the exchange, despite onchain analysts exposing their identity.
Centralized crypto exchange Bybit was hacked for over $1.4 billion worth of crypto on Feb. 21, marking the largest hack in crypto history
The Bybit exploiter has already laundered over $605 million worth of Ether (ETH), or more than 54% of the total stolen funds, according to Lookonchain. The crypto intelligence platform wrote in a Feb. 28 X post:
“So far, the #Bybit hacker has laundered 270K $ETH($605M, 54% of the stolen funds) and still holds 229,395 $ETH($514M).”
Source: Lookonchain
North Korea’s Lazarus Group was identified as the main culprit behind the Bybit exploit, according to multiple blockchain analytics firms, including Arkham Intelligence.
The exploiters have used the crosschain asset swap protocol THORChain to move the funds. THORChain’s swap volume rose past a $1 billion record high after the Bybit hack, Cointelegraph reported on Feb. 27.
The protocol was the subject of significant controversy amid the growing flow of illicit North Korean funds.
Related: Can Ether recover above $3K after Bybit’s massive $1.4B hack?
THORChain dev quits amid controversy surrounding Bybit’s hacked funds
Some industry watchers criticized THORChain’s privacy-preserving features for enabling the movement of illicit funds by North Korean agents.
After a vote to block North Korean hacker-linked transactions was reverted to the protocol, one of the leading THORChain developers announced his exit.
“Effectively immediately, I will no longer be contributing to THORChain,” the crosschain swap protocol’s core developer, only known as “Pluto,” wrote in a Feb. 27 X post.
Pluto said they would remain available “as long as I am needed and to ensure an orderly hand-off of my responsibilities.”
Pluto’s exit comes after THORChain validator “TCB” said on X that they were one of three validators that voted to stop Ether trading on the protocol to cut off the Lazarus Group.
TCB later wrote on X that they’d also exit “if we don’t rapidly adopt a solution to stop NK [North Korean] flows.”
Related: Bybit hack, withdrawals top $5.3B, but ‘reserves exceed liabilities’ — Hacken
Meanwhile, the FBI has urged crypto validators and exchanges to cut off the Lazarus Group and confirmed earlier reports that North Korea was behind the record Bybit hack.
THORChain founder John-Paul Thorbjornsen told Cointelegraph he has no involvement with THORChain, but none of the sanctioned wallet addresses listed by the FBI and the US Treasury’s Office of Foreign Assets Control “has ever interacted with the protocol.”
“The actor is simply moving funds faster than any screening service can catch. It is unrealistic to expect these blockchains to censor, including THORChain,” he added.
Magazine: THORChain founder and his plan to ‘vampire attack’ all of DeFi