朝鲜黑客洗劫$ 1.4亿美元的bybit战利品，以比特币为目标，因为椭圆机跟踪交易

在转换为比特币之前，盗用资产通过不可追踪的交流进行有条不紊的转移，这种方法使恢复工作变得复杂，正如椭圆机在周六的博客文章中指出的那样。

North Korean hackers have begun laundering the funds stolen from Bybit, with blockchain analytics firm Elliptic tracking over $140 million in initial transactions aimed at obscuring the flow of money.

朝鲜黑客已经开始洗钱，从拜比特（Bybit）偷来的资金，区块链分析公司椭圆形跟踪超过1.4亿美元的初始交易，旨在掩盖货币流量。

The misappropriated assets are being systematically transferred through untraceable exchanges before being converted into Bitcoin, a method that complicates the recovery efforts, Elliptic noted in a blog post on Saturday.

Elliptic在周六的博客文章中指出，盗用资产在转换为比特币之前，通过不可追踪的交流进行系统地转移，这种方法使恢复工作变得复杂。

“The next stage of the laundering process will involve ‘layering’ the stolen assets to obscure the transaction trail,” Elliptic explained. “While this trail can be followed, the layering techniques will complicate the process, giving the launderers valuable time to fully liquidate the assets.”

椭圆机解释说：“洗涤过程的下一个阶段将涉及“分层”被盗资产以掩盖交易小径。” “尽管可以遵循这条路，但分层技术会使过程变得复杂，从而为洗衣者提供了宝贵的时间来充分清算资产。”

The $1.46 billion social engineering attack, which occurred on Friday and primarily involved Ethereum, marks the largest theft in the history of cryptocurrency, surpassing the $611 million heist from Poly Network in 2021.

这次14.6亿美元的社会工程攻击发生在周五，主要涉及以太坊，标志着加密货币历史上最大的盗窃，超过了2021年Poly Network的61.1亿美元抢劫。

Elliptic and Arkham Intelligence have attributed the attack to North Korea’s Lazarus Group, noting the use of decentralized exchanges and services such as cross-chain bridges and coin swap services to misdirect investigators.

Elliptic和Arkham Intelligence将这次袭击归因于朝鲜的Lazarus集团，并指出了使用分散的交流和服务（例如跨链桥梁和硬币交换服务）的使用来指导调查人员。

“If typical laundering patterns are followed, we may also see the use of mixers to further obfuscate the transaction trail,” the report noted, adding that this may present challenges due to the “unusually large volume of stolen assets.”

该报告指出：“如果遵循典型的洗涤模式，我们还可能看到使用混合器进一步混淆交易轨迹。”

Within hours after the theft, the attackers moved the stolen assets into 50 separate wallets, each containing around 10,000 ETH. According to Elliptic, these funds are now being emptied and converted into Bitcoin.

盗窃后的几个小时内，攻击者将被盗的资产移至50个单独的钱包中，每个钱包包含约10,000 ETH。根据Elliptic的说法，这些资金现在被清空并转换为比特币。

The attackers initially converted stolen tokens such as stETH and cmETH into Ethereum via decentralized exchanges, presumably to evade possible freezes on the assets.

攻击者最初通过分散的交流将被盗的代币（例如Steth和Cmeth）转化为以太坊，大概是为了避免资产上的冻结。

This aligns with the laundering playbook typically employed by the Lazarus Group, which involves converting stolen tokens into “native” blockchain assets prior to further obfuscation, Elliptic noted.

Elliptic指出，这与Lazarus集团通常使用的洗钱剧本一致，该手册涉及将被盗的令牌转换为“本地”区块链资产，然后再进行混淆。

Since 2017, the group has reportedly stolen over $3 billion in cryptocurrency assets, which were used to fund North Korea’s ballistic missile program, a UN report from last year noted, although the actual figure is likely much higher, according to Elliptic.

据报道，自2017年以来，该集团已偷走了超过30亿美元的加密货币资产，这些资产用于资助朝鲜的弹道导弹计划，但据椭圆形的一份报告称，尽管实际数字可能更高。

As a result of the theft on Sunday, Bybit is facing pressure from user withdrawals, with approximately 23,000 BTC being withdrawn from Bybit’s hot wallet, according to data from Arkham Intelligence.

根据Arkham Intelligence的数据，由于周日的盗窃案，Bybit面临用户提取的压力，大约23,000 BTC从Bybit的热钱包中撤回。

The exchange’s primary wallets have seen their Bitcoin balance decrease from 70,000 BTC to just over 52,000 BTC, indicating an outflow of around $1.7 billion since Friday afternoon, the data shows.

数据显示，该交易所的主要钱包已经看到他们的比特币余额从70,000 BTC减少到刚好超过52,000 BTC，这表明自周五下午以来的流出约为17亿美元。

Further analysis suggests that Bybit has experienced outflows totaling $6 billion across various cryptocurrencies.

进一步的分析表明，BYBIT在各种加密货币中经历了总计60亿美元的流出。

Anonymous Crypto Exchange AccusedElliptic and other analysts, including ZachXBT, have pointed to the anonymous cryptocurrency exchange eXch as facilitating “tens of millions of dollars” in stolen assets from the hack, despite Bybit’s requests for the exchange to halt the activity.

匿名加密交易所被指控和其他分析师（包括Zachxbt）指出，尽管Bybit要求对该活动停止该活动的要求，但匿名的加密货币交易所促进了“被盗资产”中的“数千万美元”的资产。

“The stolen Ethereum is being continuously converted into Bitcoin, using eXch and other services,” Elliptic stated on Sunday.

椭圆机在周日说：“被盗的以太坊正在使用交易所和其他服务不断转化为比特币。”

An alleged email response from eXch, which was archived on X over the weekend and cited by Elliptic, claims that the exchange chose not to respond to Bybit’s requests, arguing that Bybit has previously made “direct attacks on the reputation” of eXch.

据称来自Exch的电子邮件回复，该回复在周末在X上存档，并由Elliptic引用，声称该交易所选择不响应Bybit的要求，认为Bybit以前曾对Exch的声誉进行了“直接攻击”。

“We find it difficult to understand the expectation of collaboration” from an organization that has “actively undermined our reputation,” the email from eXch stated.

Exch的电子邮件说：“我们发现很难理解一个“积极破坏我们声誉”的组织的协作期望。

The exchange did not immediately respond to Decrypt’s request for comment.

交易所没有立即回应解密的置评请求。

On Sunday, eXch claimed in a post on a Bitcoin forum that the accusations of facilitating money laundering were unfounded.

周日，交换在比特币论坛上的一篇文章中声称，指控促进洗钱的指控是没有根据的。

“We are not laundering money for Lazarus/DPRK,” eXch asserted, stating that such allegations represent the “view of some individuals who wish to eliminate the fungibility and on-chain privacy of decentralized coins.”

英格断言：“我们不是为拉撒路/朝鲜洗钱。”此类指控代表了“一些希望消除分散硬币的可及格性和链接隐私的人的观点”。

“A small portion of the funds we processed from the Bybit hack in an isolated incident will be donated to various open-source initiatives that focus on privacy and security in and out of crypto space,” the exchange added.

交易所补充说：“我们从隔离事件中从拜比特黑客处理的一小部分资金将捐赠给各种开源计划，这些倡议着重于加密货币空间内外的隐私和安全性。”

Edited by Sebastian Sinclair

由塞巴斯蒂安·辛克莱（Sebastian Sinclair）编辑