North Korea's Lazarus Group Laundered All of the Stolen 499,000 Ethereum

North Korea’s notorious Lazarus group, which is behind the reported Bybit hack, has finished laundering all of the stolen 499,000 Ethereum

The notorious Lazarus Group, a North Korean hacking collective, has reportedly finished laundering all of the stolen 499,000 Ethereum (ETH), worth an astounding $1.39 billion, in just 10 days, according to data from the on-chain analytics firm, emberCN.

The Bybit hacker has managed to shuffle all the stolen funds using crypto mixers and decentralized exchanges (DEXs). Since the Bybit hack, the Ethereum (ETH) price has already dropped by 23% crashing all the way from $2,780 levels to now at $2,087 levels.

Source: emberCN

The اتح краудф announced on Tuesday that it has taken seven days to launder 499,000 ETH, stolen from crypto exchange Bybit in a recent hack. The اتح краудф is known for its involvement in major cryptocurrency heists, including the 2017 heist of $72 million from Bangladesh Bank and the 2022 hack of Axie Infinity’s Ronin Network.

The North Korean hacking group, Lazarus, is said to have used THORChain as its primary laundering platform. Allegedly led by Park Jin Hyok, who is wanted by the FBI, the group’s existence has been repeatedly denied by North Korea.

The report suggests that Lazarus laundered a massive $5.9 billion through THORChain, with the platform collecting a total of $5.5 million in transaction fees during the process. This makes it the largest cryptocurrency laundering operation ever recorded.

Bybit Is Seeking Leads on the Stolen Ethereum

Although it is almost impossible to track the stolen funds, Bybit co-founder Ben Zhou has announced to offer millions in rewards for any leads regarding the stolen assets. But Zhou also admitted that 77% of the stolen funds remain traceable, while 20% are untraceable, and 3% have been frozen.

Additionally, 83% of the stolen assets have been converted to Bitcoin and dispersed across 6,954 wallets, complicating recovery efforts. Zhou further wrote:

“We will not stop until Lazarus or bad actors in the industry are eliminated. In the future we will open it up to other victims of Lazarus as well.”

As per the Bybit bounty system announced by Zhou, they will offer rewards for information leading to the recovery of assets stolen in the recent hack. Furthermore, individuals who identify who identify and report blockchain transactions linked to the theft will get 5% of the recovered crypto. Similarly, any exchange or mixer that aids in retrieving the funds will also earn 5%.

Crypto exchange Bybit has declared a staggering $140 million separately to reward the investigators of the hack. Additionally, CEO Ben Zhou also announced the formation of the “HackBounty program”, to combat the industry wide theft. Speaking on this, Zhou said:

“I am energized by the incredible camaraderie on-chain and in real life. This can be a transformative moment for our industry if we get it right. Together, we can build a stronger defense system against cyber threats.”

Details Regarding the Hack

Following the Bybit hack on February 21, internal investigators found that hackers decoded the smart contract logic thereby hacking the transfer of funds. As a result, the hackers manager to move more than 400,000 ETH and stETH, valued at over $1.5 billion to a mystery wallet controlled by attackers instead of being transferred to the intended hot wallet.

Further investigation revealed that the hackers managed to breach the cloud infrastructure SafeWallet, hosted on AWS S3 and CloudFront, reportedly had one of its accounts compromised. The software provider also confirmed that the hacker managed to infect a developer’s system, thereby injecting malicious code into the system.

“The forensic review into the targeted attack by the Lazarus Group on Bybit concluded that this attack targeted the Bybit Safe and was achieved through a compromised machine of a SafeWallet developer resulting in the proposal of a disguised malicious transaction,” SafeWallet noted in its investigative report.