Within the autopsy of the $1.5 billion Bybit hack, two blockchain analysis organizations — Nansen and Chainalysis — have revealed the Lazarus Group’s cash laundering technique, which incorporates swapping illiquid property for liquid property, creating a fancy cash path, and letting sure wallets sit dormant to let scrutiny die down.
According to Nansen, the standard Lazarus Group technique first includes swapping the illiquid property into these which are extra fungible and, due to this fact, simpler to maneuver. After the Bybit hack, the perpetrator transformed a minimum of $200 million in staked tokens into Ether (ETH), which will be moved rather more simply onchain.
After this conversion from illiquid to liquid property, the laundering course of was carried out. To create obfuscation, the hacker used a maze of intermediate wallets to create a fancy path aimed toward complicated trackers. In keeping with Chainalysis, the funds were laundered by decentralized exchanges, crosschain bridges, and even on the spot swap companies that don't require Know Your Buyer (KYC) verification.
Associated: Bybit CEO declares ‘war against Lazarus’ after $1.4B hack
The complexity of Lazarus Group’s laundering efforts. Supply: Chainalysis
A lot of the ETH was ultimately swapped for Bitcoin (BTC) and stablecoins reminiscent of Dai (DAI). In some circumstances, blockchain analysts had been capable of observe these actions in actual time. That allowed sure organizations working these decentralized protocols, reminiscent of Chainflip, to block the perpetrator’s attempt to launder the stolen funds.
All through the laundering course of, the hacker stored breaking the stolen funds into smaller swimming pools despatched to a rising variety of wallets. The primary “hop” divided the funds from one pockets to 42 wallets. The second “hop” from 42 wallets into 1000's.
Associated: Bybit hack, withdrawals top $5.3B, but ‘reserves exceed liabilities’ — Hacken
Up to now, the cash laundered from the Bybit hack is only a portion of the $1.5 billion. Lazarus Group has one other technique to keep away from the heightened consideration {that a} high-profile heist brings: sit and wait. Some wallets with stolen cash — a sum that throughout wallets currently amounts to $900 million) have remained dormant because the group bides its time for the scrutiny to die down.
The practically $1.5 billion hack is greater than the group’s total haul in 2024 — $1.3 billion over 47 assaults. The assault stands because the biggest crypto heist of all time, one which rallied the neighborhood collectively in support of Bybit and in opposition to the hackers. As Lazarus Group faces elevated scrutiny, it has continued to adapt. As Cointelegraph reported, its cyberwarfare technique stays one of the most lucrative and sophisticated in the world.
Journal: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis
