Hackers successfully laundered 499,000 ETH stolen from Bybit exchange. The FBI officially linked the incident to North Korea, with THORChain as the primary laundering channel.
Cryptocurrency Laundering via THORChain
According to EmberCN, hackers laundered the stolen assets worth $1.39 billion in 10 days using THORChain, where $5.9 billion in transactions were processed, earning $5.5 million in fees. The funds were laundered through mixing services and platforms without KYC verification.
North Korean Involvement
The FBI linked the Bybit hack to North Korean cyber actors known as TraderTraitor. The agency reported that part of the ETH was converted into Bitcoin and other cryptocurrencies, then dispersed across thousands of addresses. The FBI called on RPC node operators, crypto exchanges, and other services to block transactions related to the stolen assets.
How the Hack Happened
The hack occurred during a routine transfer of Ethereum from a cold wallet to a warm wallet used for daily trading. The attacker exploited security vulnerabilities and transferred the funds to an unknown address. Bybit assured users of the safety of their holdings, with CEO Ben Zhou stating that losses will be covered thanks to $20 billion in customer assets.
Despite the successful theft and laundering of the stolen assets, Bybit is actively seeking recovery methods and offers a bounty for their return. Meanwhile, the incident highlights the threat of North Korean cyberattacks in the crypto sector.
