
China’s underground networks were ready for Bybit incident, analysts say



The quick laundering of over $400 million from Bybit’s hack suggests North Korea may have expanded its operations, analysts say.

Over $400 million from Bybit’s $1.46 billion incident was laundered in just days, with analysts at blockchain forensic firm TRM Labs now raising serious concerns that North Korea may have expanded its laundering operations.

In a Feb. 27 blog post, the analysts pointed out that Bybit’s attackers moved nearly half a billion in less than a week, using intermediary wallets, crypto swaps, decentralized exchanges, and cross-chain bridges to hide the trail.

“This rapid laundering suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds.”

TRM Labs

The analysts note that North Korean hackers typically use crypto mixers to hide stolen funds before cashing out. But the scale of the Bybit incident has forced them to adopt new methods. Instead of mixers, they are now using multiple wallets and decentralized platforms to obscure the money trail.

Initially, some stolen Ethereum was sent through BNB Chain and Solana. Now, most of it has been sent to the Bitcoin network. Despite the quick laundering, much of the Bitcoin remains untouched, which the analysts say suggests the attackers are preparing for large-scale liquidation through OTC networks.

Bybit lost $1.46 billion in a multi-stage attack, which security experts link to Safe Wallet. The attackers reportedly compromised a Safe{Wallet} developer’s device, tricking Bybit’s Safe wallet owner into signing a malicious transaction.


