The North Korea-affiliated hacker who stole $1.5 billion in Ether from crypto exchange Bybit has been laundering the token at an “unprecedented rate,” according to security researchers.
The Federal Bureau of Investigation on Thursday confirmed a hacking outfit affiliated with North Korea, dubbed TraderTraitor, was behind the February 21 exploit.
In the week since the hack, TraderTraitor has laundered more than $400 million in stolen Ether, according to blockchain forensic firm TRM Labs.
“The Bybit hack has quickly become the most significant cyber heist in crypto history, not just because of its scale but because of the unprecedented speed at which the stolen funds are being laundered,” Ari Redbord, TRM Labs’ head of global policy, told DL News.
“What sets this hack apart is the extraordinary pace of post-hack laundering.”
Within 48 hours, the hackers had successfully laundered $200 million in Ether.
“This shift raises alarming questions about whether North Korea’s laundering capacity has expanded or if Chinese underground banking networks have significantly increased their ability to absorb illicit funds,” Redbord said.
“Either way, the result is clear: criminal financial networks have never been this efficient at processing stolen crypto.”
Taylor Monahan, the lead security researcher at the crypto wallet MetaMask, has been documenting the laundering efforts on X.
Crypto exchanges ThorChain and eXch have both been used by the hackers to launder the money, Monahan said.
Additionally, ChainFlip, a crypto bridge — software used to transfer crypto between otherwise incompatible blockchains — has been used to convert the Ether to Bitcoin, according to pseudonymous crypto investigator ZachXBT.
TRM Labs’ research supported that analysis.
Traditionally, North Korean hackers would move Bitcoin into a so-called crypto mixer in order to limit investigators’ ability to continue tracking its movement across the blockchain and, ultimately, attempts to convert it to fiat currency such as dollars or China’s yuan, TRM Labs noted.
But no crypto mixer is large enough to successfully hide the amount of crypto the Bybit thieves are attempting to launder.
“This suggests a potential shift in laundering tactics,” TRM Labs said.
“The strategy this time may be an intensified version of North Korea’s ‘flood the zone’ technique, overwhelming services and investigators with sheer volume and transaction speed.”
Bybit is offering an enormous reward to companies that can help stanch the flow of stolen crypto. On Saturday, Bybit said any organisation that freezes the movement of the stolen crypto can keep 10% of that crypto.
Crypto forensics firm Chainalysis said it had helped organisations freeze $40 million in crypto stolen from Bybit, and on Tuesday, ChainFlip implemented an emergency upgrade that attempted to prevent its use by TraderTraitor.
Nevertheless, Monahan said on Wednesday the prospects of recovery were grim, given the hackers’ success at laundering Bybit’s Ether.
“Honestly, dude, the recovery here is not looking good,” she wrote on X. “It’s shaking out to be [less than 1%].”
Aleks Gilbert is DL News’ New York-based DeFi correspondent. You can reach him at [email protected].