In the post-mortem of the $1.5 billion Bybit hack, two blockchain analysis firms, Nansen and Chainalysis, have revealed the Lazarus Group's money laundering technique, which involves swapping illiquid assets for liquid assets, creating a complex money trail, and letting certain wallets sit dormant to let scrutiny die down.
According to Nansen, the typical Lazarus Group strategy first involves swapping the illiquid assets into ones that are more fungible and, therefore, easier to move. After the Bybit hack, the perpetrator converted at least $200 million in staked tokens into Ether (ETH), which can be moved much more easily onchain.
After this conversion from illiquid to liquid assets, the laundering process was carried out. To obfuscate the trail, the hacker used a maze of intermediate wallets to create a complex path aimed at confusing trackers. According to Chainalysis, the funds were laundered through decentralized exchanges, crosschain bridges, and even instant swap services that don't require Know Your Customer (KYC) verification.
The complexity of Lazarus Group's laundering efforts. Source: Chainalysis
Much of the ETH was eventually swapped for Bitcoin (BTC) and stablecoins such as Dai (DAI). In some cases, blockchain analysts were able to track these movements in real time. That allowed certain organizations running these decentralized protocols, such as Chainflip, to block the perpetrator's attempt to launder the stolen funds.
Throughout the laundering process, the hacker kept breaking the stolen funds into smaller pools sent to a growing number of wallets. The first "hop" divided the funds from one wallet to 42 wallets. The second "hop" went from 42 wallets into thousands.
So far, the money laundered from the Bybit hack is only a portion of the $1.5 billion. Lazarus Group has another strategy to avoid the heightened attention that a high-profile heist brings: sit and wait. Some wallets with stolen money (a sum that across wallets currently amounts to $900 million) have remained dormant as the group bides its time for the scrutiny to die down.
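How an analyst can measure the per-hop fan-out and flag dormant holdings described above, as an added example that is not code from Nansen, Chainalysis or Cointelegraph. The transfer list, wallet names and the `SERVICES` label set are constructed for illustration; real tracing would read transfers from a chain indexer.

```python
from collections import Counter, defaultdict, deque

# Constructed transfers (sender, receiver, amount, day); not real chain data.
TRANSFERS = [
    ("seed", "a1", 40, 0), ("seed", "a2", 35, 0), ("seed", "a3", 25, 0),
    ("a1", "b1", 20, 1), ("a1", "b2", 20, 1),
    ("a2", "b3", 15, 2), ("a2", "b4", 10, 2),
    ("b1", "dex", 20, 3),
]
SERVICES = {"dex"}  # hypothetical label set for shared service addresses


def trace_hops(transfers, seed, services=frozenset()):
    """Breadth-first trace from seed; returns {wallet: hop distance}."""
    out_edges = defaultdict(list)
    for src, dst, _amount, _day in transfers:
        out_edges[src].append(dst)
    hops, queue = {seed: 0}, deque([seed])
    while queue:
        cur = queue.popleft()
        if cur in services:
            continue  # funds mix with other users' here, so stop following
        for dst in out_edges[cur]:
            if dst not in hops:
                hops[dst] = hops[cur] + 1
                queue.append(dst)
    return hops


def wallets_per_hop(hops):
    """Number of distinct wallets first reached at each hop."""
    return dict(sorted(Counter(hops.values()).items()))


def dormant_wallets(transfers, hops, services, as_of_day, idle_days):
    """Traced wallets still holding funds with no activity for idle_days."""
    balance, last_seen = defaultdict(int), {}
    for src, dst, amount, day in transfers:
        balance[src] -= amount
        balance[dst] += amount
        for wallet in (src, dst):
            last_seen[wallet] = max(day, last_seen.get(wallet, day))
    return {w: balance[w] for w in hops
            if w not in services and balance[w] > 0
            and as_of_day - last_seen[w] >= idle_days}


if __name__ == "__main__":
    hops = trace_hops(TRANSFERS, "seed", SERVICES)
    print(wallets_per_hop(hops))
    print(dormant_wallets(TRANSFERS, hops, SERVICES, as_of_day=10, idle_days=9))
```

Stopping the trace at labelled service addresses keeps the hop counts from absorbing unrelated users whose funds pass through the same exchange or bridge.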
The nearly $1.5 billion hack is more than the group's total haul in 2024: $1.3 billion over 47 attacks. The attack stands as the largest crypto heist of all time, one that rallied the community together in support of Bybit and against the hackers. As Lazarus Group faces increased scrutiny, it has continued to adapt. As Cointelegraph reported, its cyberwarfare strategy remains one of the most successful and sophisticated in the world.