{"id":14872,"date":"2025-02-25T11:48:27","date_gmt":"2025-02-25T11:48:27","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=14872"},"modified":"2025-02-25T11:48:27","modified_gmt":"2025-02-25T11:48:27","slug":"bybit-hackers-on-the-move-stolen-funds-likely-headed-to-mixers-report","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=14872","title":{"rendered":"Bybit Hackers On The Move? Stolen Funds Likely Headed To Mixers\u2014Report"},"content":{"rendered":"
\n

A blockchain security firm revealed that stolen funds from crypto exchange Bybit are being moved by hackers to crypto mixers to convert the bagged funds into Bitcoin in an attempt to obfuscate the transaction trail.<\/p>\n

Elliptic<\/a> believes that the hackers known as the Lazarus Group, which is based in North Korea, could be trying to launder the stolen funds using crypto mixers to make it harder to trace the transactions.<\/p>\n

Bybit Hackers On The Move<\/h2>\n

Elliptic reported that $1.4 billion of stolen digital assets from the hacking incident at the Bybit crypto exchange is believed to be on the move to crypto mixers<\/a> so the hackers can launder the funds without being traced by authorities.<\/p>\n

\n\u201cIf previous laundering patterns are followed, we might expect to see the use of mixers next,\u201d Elliptic said.\n<\/p><\/blockquote>\n

The blockchain security firm attributed the multi-billion-dollar crypto heist to North Korean hackers known only as the Lazarus Group.<\/a><\/p>\n

However, Elliptic noted that laundering the heist crypto funds may prove to be too challenging to the hacker\u2019s group because of the sheer volume of stolen assets that they need to move without any trail.<\/p>\n

\n\u201cNorth Korea\u2019s Lazarus Group is the most sophisticated and well-resourced launderer of crypto assets in existence, continually adapting its techniques to evade identification and seizure of stolen assets,\u201d Elliptic noted in its website.\n<\/p><\/blockquote>\n

\"\"<\/p>\n

The Laundering Process<\/h2>\n

Elliptic explained that North Korea\u2019s Lazarus Group has a laundering process that normally follows a characteristic pattern. \u201cThe first step is to exchange any stolen tokens for a \u201cnative\u201d blockchain asset such as Ether.<\/p>\n

This is because tokens have issuers who in some cases can \u201cfreeze\u201d wallets containing stolen assets, whereas there is no central party who can freeze Ether <\/a>or Bitcoin,\u201d the blockchain security firm said.<\/p>\n

<\/p>\n

In the case of the Bybit theft, this first stage happened within minutes after the heist. Elliptic said that \u201chundreds of millions of dollars in stolen tokens such as stETH and cmETH exchanged for Ether.\u201d<\/p>\n

The hackers utilized decentralized exchanges (DEXs) to achieve this, avoiding any asset freezing that could happen when they use a centralized exchange to launder stolen funds.<\/p>\n

\"\"<\/p>\n

\n\u201cThe second step of the laundering process is to \u201clayer\u201d the stolen funds in order to attempt to conceal the transaction trail. The transparency of blockchains means that this transaction trail can be followed, but these layering tactics can complicate the tracing process, buying the launderers valuable time to cash-out the assets,\u201d the security firm noted.\n<\/p><\/blockquote>\n

The layering can be done in several ways such as sending funds through large numbers of cryptocurrency wallets, moving funds to other blockchains, switching between different crypto assets, or utilizing crypto mixers.<\/p>\n

Systematically Emptied<\/p>\n

Elliptic said that the North Korean hackers are currently at the second stage of laundering or doing the layering process, adding that the hackers did it by sending the stolen funds to 50 different wallets within two hours after the heist. Each wallet holds an estimated 10,000 ETH.<\/p>\n

\"\"<\/p>\n

\u201cThese are now being systematically emptied \u2013 as of 10pm UTC on February 23, 10% of the stolen assets (now worth $140 million) have been moved from these wallets. Once moved out of these wallets, the funds are being laundered through various services, including DEXs, cross-chain bridges and centralized exchanges.,\u201d the security firm explained.<\/p>\n

Biggest Heist Of All Time<\/p>\n

Reports said an estimated $1.46 billion of digital assets were stolen from Dubai-based crypto exchange Bybit on February 21, 2025. Investigators suggested that \u201cmalware was used to trick the exchange into approving transactions that sent the funds to the thief.\u201d<\/p>\n

This incident is so far the \u201clargest crypto heist of all time\u201d which is much bigger than the $611 million crypto assets robbed from Poly Network in 2021.<\/p>\n

Featured image from Gemini Imagen, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

A blockchain security firm revealed that stolen funds from crypto exchange Bybit are being moved by hackers to crypto mixers to convert the bagged funds into Bitcoin in an attempt to obfuscate the transaction trail. Elliptic believes that the hackers known as the Lazarus Group, which is based in North Korea, could be trying to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-14872","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/14872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14872"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/14872\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}