- Lazarus Group Moves More Funds – North Korea’s hackers laundered 62,200 Ether, bringing total transferred assets to 343,000 ETH (68.7%).
- FBI Tracks Stolen Crypto – U.S. authorities identified 51 Ethereum addresses linked to Bybit hackers; analysts found 11,000 related wallets.
- THORChain Under Fire – The protocol enabled illicit transfers; backlash grew after a vote to block hacker-linked transactions was overturned.
On March 1, the Bybit hackers accelerated their activities, laundering an additional 62,200 Ether while US authorities worked to halt transactions associated with the perpetrators. THORChain, a widely used asset swap protocol, faces backlash for enabling illicit transfers linked to the Bybit hackers.
Lazarus Group Launders Additional Ether from Bybit Hack
The Lazarus Group from North Korea laundered an additional 62,200 Ether, valued at $138 million, from the Bybit hack on February 21 on March 1—meaning that just 156,500 remains to be transferred, a pseudonymous cryptocurrency analyst observed.
Around 343,000 Ether of the 499,000 Ether taken in the $1.4 billion Bybit breach has been transferred, according to X user EmberCN, who anticipates the remaining assets will be moved within the next three days. The 343,000 Ether that has been moved represents 68.7% of the stolen assets — an increase from 54% on February 28.
FBI and Blockchain Analysts Track Stolen Funds
EmberCN previously remarked that money laundering actions had decreased due to initiatives from the US Federal Bureau of Investigation urging node operators, cryptocurrency exchanges, bridges, and others to obstruct transactions associated with the Bybit hackers
The FBI revealed 51 Ethereum addresses associated with, or connected to, the Bybit hackers, while the blockchain analytics company Elliptic has identified more than 11,000 cryptocurrency wallet addresses that might be related to them.
The crypto forensics company Chainalysis reported that the hackers converted some of the stolen Ether into Bitcoin, the Dai stablecoin, and various other assets via decentralized exchanges, cross-chain bridges, and instant swap services that lacked Know Your Customer protocols.
THORChain Faces Backlash Over Transaction Facilitation
One of those protocols is the THORChain cross-chain asset swap protocol. The protocol’s developers have faced considerable backlash for enabling a large portion of transfers conducted by North Korean hackers.
A developer of THORChain, named “Pluto,” stated that they would stop supporting the protocol following the reversal of a vote intended to prevent transactions linked to North Korean hackers.
THORChain founder John-Paul Thorbjornsen stated he is no longer involved with the crosschain protocol, highlighting that none of the crypto wallet addresses sanctioned by the FBI and the Treasury’s Office of Foreign Assets Control have engaged with the protocol.
The $1.4 billion Bybit hack on February 21 was the biggest breach in the crypto sector, exceeding losses from the March 23, 2022 Ronin bridge hack, which was $650 million, by over double.
