North Korea’s Lazarus Group has ramped up its efforts to launder funds stolen from Bybit, following what is considered the largest crypto hack in history, totaling $1.4 billion. On March 1, 2025, the cybercriminals moved another 62,200 ETH ($138 million), reducing their remaining stolen funds to 156,500 ETH, according to crypto researcher EmberCN.
Laundering Efforts Accelerate
This latest transaction brings the total laundered amount to 343,000 ETH, or approximately 68.7% of the 499,000 ETH stolen during the February 21 attack. Based on the current transfer rate, EmberCN estimates that the hackers could clear the remaining funds within the next three days.
Despite efforts by U.S. authorities, including the Federal Bureau of Investigation (FBI), the laundering process continues at a rapid pace. The hackers have been converting portions of the stolen assets into Bitcoin (BTC), DAI stablecoin, and other cryptocurrencies, using decentralized exchanges, cross-chain bridges, and instant swap services that operate without Know Your Customer (KYC) compliance.
FBI Confirms North Korea’s Role
On February 26, 2025, the FBI officially attributed the $1.5 billion Bybit hack to North Korea, labeling it as part of a cyber operation known as TraderTraitor. According to the FBI’s public service announcement, the attackers have been rapidly dispersing the stolen assets across thousands of wallet addresses on multiple blockchains, making it harder for authorities to track and recover the funds.
The FBI has also requested assistance from the private sector, urging RPC node operators, exchanges, blockchain bridges, DeFi platforms, and analytics firms to block transactions associated with the hackers. In response, blockchain intelligence firm Elliptic has flagged over 11,000 wallet addresses potentially linked to the stolen funds.
Ongoing Money Laundering Tactics
According to Chainalysis, the hackers are using various mixing techniques to obscure the movement of funds. They have been converting ETH into Bitcoin and other assets, leveraging privacy-focused decentralized exchanges, cross-chain bridges, and instant swap services that do not require user identification.
While authorities and blockchain analytics firms continue to monitor the movements of the stolen funds, the Lazarus Group’s sophisticated laundering strategies pose a significant challenge for law enforcement. With only 156,500 ETH left to be moved, the Bybit exploiters may complete their laundering operations within days, further complicating asset recovery efforts.
The Bybit hack, now confirmed as the largest crypto heist in history, underscores the ongoing vulnerabilities in the digital asset space. Despite regulatory efforts to curb illicit activity, North Korea’s Lazarus Group remains adept at exploiting DeFi platforms and laundering stolen crypto assets. As authorities intensify their crackdown, the industry awaits further developments in tracking and freezing the remaining stolen funds before they are completely dispersed.
