Key Points
- Over $400 million from the Bybit hack was rapidly laundered, indicating potential expansion of North Korea’s operations.
- The method of laundering has evolved from using crypto mixers to using multiple wallets and decentralized platforms.
Analysts have expressed serious concerns over the rapid laundering of over $400 million from the recent Bybit hack.
This activity has led to suspicions that North Korea may have broadened its money laundering operations.
Laundering Methods
Blockchain forensic firm TRM Labs noted that the hackers responsible for the Bybit incident moved nearly half a billion dollars in less than a week.
They used intermediary wallets, crypto swaps, decentralized exchanges, and cross-chain bridges to obscure their tracks.
The speed of this laundering process suggests that North Korea may have upgraded its money laundering infrastructure or that underground financial networks, particularly in China, have increased their ability to handle and process illicit funds.
Change in Tactics
Previously, North Korean hackers were known to use crypto mixers to hide stolen funds before converting them into cash.
However, the magnitude of the Bybit incident has necessitated a change in tactics.
Instead of mixers, they are now using multiple wallets and decentralized platforms to hide the money trail.
Some of the stolen Ethereum was initially sent through BNB Chain and Solana, but most of it has now been transferred to the Bitcoin network.
Despite the rapid laundering, much of the Bitcoin remains untouched, indicating that the hackers may be preparing for a large-scale liquidation through OTC networks.
Bybit lost $1.46 billion in a multi-stage attack, which security experts have linked to Safe Wallet.
The attackers reportedly compromised a Safe{Wallet} developer’s device, tricking Bybit’s Safe wallet owner into signing a malicious transaction.