The Lazarus Group of North Korea has ramped up its activities to launder funds obtained from Bybit in the wake of what is described as the most prominent cryptocurrency hack to date, amounting to $1.4 billion.
On March 1, the attackers transferred an additional 62,200 Ethereum (ETH), equivalent to $138 million. The remaining balance stands at 156,500 ETH. According to an analysis conducted by crypto researcher EmberCN, 5.59% of Ethereum remains the result of the original theft.
The recent transfer has increased the total laundered amount to around 343,000 ETH, representing nearly 68.7% of the 499,000 ETH taken during the attack on February 21. EmberCN has indicated that, at the current rate, hackers are expected to deplete the remaining funds within three days.
The rapid laundering activities persist even after recent actions by the Federal Bureau of Investigation (FBI). In a public service announcement released on February 26, the FBI officially linked the $1.5 billion hack to North Korea.
The FBI verifies North Korean culpability
The FBI has announced that North Korea is believed to have stolen around $1.5 billion in virtual assets from the cryptocurrency exchange Bybit, with the incident occurring on or about February 21, 2025.
The FBI has officially labeled this cyber operation attributed to North Korea as “TraderTraitor.”
The announcement states that TraderTraitor actors are acting swiftly, having already converted portions of the stolen assets into Bitcoin and various other cryptocurrencies, which are now spread across thousands of addresses on multiple blockchains.
FBI officials expect these assets to be laundered further and eventually converted into fiat currency.
The FBI is seeking cooperation from the private sector to aid its efforts. Authorities have urged RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block transactions associated with the addresses that the TraderTraitor actors use to launder the stolen assets.
The FBI has released addresses associated with the hackers, and blockchain analytics firm Elliptic has intensified its monitoring activities by identifying more than 11,000 wallet addresses that may be connected to the operation.
Chainalysis reports that the hackers employed various mixing techniques to obscure the path of the stolen funds. Portions of the ETH have been converted into Bitcoin, DAI stablecoin, and various other assets.
The group has predominantly engaged with decentralized exchanges, cross-chain bridges, and instant swap services that do not impose Know Your Customer (KYC) requirements.