
On February 21, 2025, cryptocurrency exchange Bybit fell victim to a cyberattack that specifically targeted the Safe{Wallet} utilized by the platform. The attackers managed to steal 499,000 Ethereum (ETH), valued at approximately $1.4 billion.
Blockchain analysis suggests that the North Korean state-sponsored Lazarus Group successfully laundered the entire sum within 10 days. The majority of the stolen ETH was converted through the THORChain cross-chain bridge, facilitating the obfuscation of the illicit funds.
3.4.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.
Breakdown:
– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each). This and…
— Ben Zhou (@benbybit) March 4, 2025
To evade detection, the hackers exchanged 417,348 ETH, worth approximately $1 billion, for Bitcoin (BTC) via cross-chain transactions. These funds were then dispersed across 11,000 wallet addresses, significantly complicating tracking efforts. While cross-chain conversions can increase the difficulty of tracing stolen assets, they do not render them entirely untraceable. True anonymity, however, is primarily achieved through cryptocurrency mixers. Notably, 20% of the stolen assets—roughly $280 million—have been fully anonymized and are now beyond the reach of forensic investigation.
Meanwhile, 77% of the funds remain traceable, but their ultimate fate depends on the hackers’ subsequent moves. Additionally, 3% of the stolen funds were successfully identified and frozen by cryptocurrency exchanges and platforms, preventing Lazarus Group from accessing them.
Bybit disclosed that, apart from THORChain, the attackers also utilized ExCH and OKX Web3 Proxy to transfer the stolen assets. Approximately $65 million worth of ETH could still be recovered, provided the OKX wallet team cooperates in the effort.
A particularly noteworthy aspect of this breach is THORChain’s role in facilitating the laundering process. By serving as a conduit for the stolen funds, THORChain indirectly profited, earning approximately $5.5 million in transaction fees. This involvement is likely to attract intense scrutiny from regulatory agencies. Some THORChain developers attempted to block the laundering attempts but were overruled by a community vote, leading several developers to resign from the project—seemingly in an effort to avoid future legal liability.
THORChain’s facilitation of these transactions has also led to a sharp surge in trading volume, reportedly reaching nearly $4 billion. Given this escalation, it is almost certain that U.S. law enforcement agencies, including the FBI, will initiate a thorough investigation into THORChain.