Bybit hacker launders $605M ETH, over 50% of stolen funds

The Bybit exploiter managed to launder over 50% of the stolen funds within a week since it exploited the exchange, despite onchain analysts pursuing the identity of the exploiters.

Centralized crypto exchange Bybit was hacked for over $1.4 billion worth of crypto on Feb. 21, marking the largest hack in crypto history

The Bybit exploiter has already laundered over $605 million worth of Ether (ETH), or over 54% of the total stolen funds, according to Lookonchain. The crypto intelligence platform wrote in a Feb. 28 X post:

“So far, the #Bybit hacker has laundered 270K $ETH($605M, 54% of the stolen funds) and still holds 229,395 $ETH($514M).”

North Korea’s Lazarus Group was identified as the main culprit behind the Bybit exploit, according to blockchain analytics firms, including Arkham Intelligence.

The exploiters have used the crosschain asset swap protocol THORChain to launder the funds. THORChain’s swap volume rose past the $1 billion record high after the Bybit hack, Cointelegraph reported on Feb. 27.

However, the protocol was hit by significant controversy after the growing flow of illicit North Korean funds.

Related: Can Ether recover above $3K after Bybit’s massive $1.4B hack?

THORChain dev quits amid controversy surrounding Bybit’s hacked funds

Some industry watchers have criticized THORChain’s privacy-preserving features for enabling the laundering of illicit funds by North Korean agents.

After a vote to block North Korean hacker-linked transactions was reverted to the protocol, one of the leading THORChain developers announced his exit.

“Effectively immediately, I will no longer be contributing to THORChain,” the crosschain swap protocol’s core developer, only known as “Pluto,” wrote in a Feb. 27 X post. 

Pluto said they would remain available “as long as I am needed and to ensure an orderly hand-off of my responsibilities.”

Pluto’s exit comes after THORChain validator “TCB” said on X that they were one of three validators that voted to stop Ether trading on the protocol to cut off the Lazarus Group.

TCB later wrote on X that they’d also exit “if we don’t rapidly adopt a solution to stop NK [North Korean] flows.”

Related: Bybit hack, withdrawals top $5.3B, but ‘reserves exceed liabilities’ — Hacken

Meanwhile, the FBI has urged crypto validators and exchanges to cut off the Lazarus Group and confirmed earlier reports that North Korea was behind the record Bybit hack. 

THORChain founder John-Paul Thorbjornsen told Cointelegraph he has no involvement with THORChain but said that none of the sanctioned wallet addresses listed by the FBI and the US Treasury’s Office of Foreign Assets Control “has ever interacted with the protocol.”

“The actor is simply moving funds faster than any screening service can catch. It is unrealistic to expect these blockchains to censor, including THORChain,” he added.

Magazine: THORChain founder and his plan to ‘vampire attack’ all of DeFi