North Korea’s Lazarus Group intensified efforts to launder funds from Bybit following what is considered the largest crypto hack in history at $1.4 billion. The cyberattackers moved another 62,200 ETH ($138 million) on March 1. This leaves them with just 156,500 Ethereum ( ETH ) remaining from the original theft, according to an analysis by crypto researcher EmberCN. The latest transfer brings the total amount laundered to approximately 343,000 ETH, which is close to 68.7% of the 499,000 ETH stolen during the Feb. 21 attack. Based on the current pace, EmberCN projects the hackers will clear the remaining funds within the next three days. 从昨天下午 3 点黑客恢复洗钱以来,黑客洗走了 6.22 万枚 ETH ($1.38 亿)。 现在黑客从 Bybit 盗取的 49.9 万枚 ETH,已经洗的只剩 15.6 万枚 ($3.46 亿)了。再有个三天时间应该就会被全部清空了。 本文由 #Bitget | @Bitget_zh 赞助 https://t.co/KCEhMwIsnG pic.twitter.com/alJMqyBVVU — 余烬 (@EmberCN) March 2, 2025 This accelerated laundering comes despite recent intervention by the Federal Bureau of Investigation (FBI). The FBI formally attributed the $1.5 billion hack to North Korea in a public service announcement on Feb. 26. FBI confirms North Korean responsibility According to the FBI announcement, North Korea was responsible for stealing approximately $1.5 billion in virtual assets from the cryptocurrency exchange Bybit on or about Feb. 21, 2025. The FBI has designated this specific North Korean cyber operation as “TraderTraitor.” Source The announcement details that TraderTraitor actors are moving quickly, having already converted portions of the stolen assets to Bitcoin and other cryptocurrencies dispersed across thousands of addresses on multiple blockchains. FBI officials expect these assets will be further laundered and eventually converted to fiat currency. The FBI is actively calling for assistance from the private sector. They’ve also asked RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block transactions connected to addresses the TraderTraitor actors are using to launder the stolen assets. The FBI has shared addresses linked to the hackers, while blockchain analytics firm Elliptic has expanded monitoring efforts by flagging over 11,000 wallet addresses potentially tied to the operation. According to Chainalysis, the hackers have used various mixing techniques to hide the trail of stolen funds. They have also converted portions of the ETH into Bitcoin ( BTC ), DAI stablecoin, and other assets. The group has primarily used decentralized exchanges, cross-chain bridges, and instant swap services without Know Your Customer (KYC) requirements. Read more: Ethereum Research offers solution to centralization problem
