Author: Christopher Tepedino, CoinTelegraph; Compiler: Tao Zhu, Golden Finance
In an analysis of the $1.5 billion Bybit hack, two blockchain research institutions, Nansen and Chainalysis, revealed the Lazarus Group's money laundering strategy, which included exchanging illiquid assets for liquid assets, creating complex fund flows, and leaving certain wallets idle to reduce scrutiny.
According to Nansen, the typical Lazarus Group strategy is to first exchange illiquid assets for more fungible assets that are easier to transfer. After the Bybit hack, the perpetrators converted at least $200 million in staked tokens into Ether, which can be transferred more easily on the chain.
After converting illiquid assets into liquid assets, the money laundering process began. The hackers routed the funds through a maze of intermediate wallets, creating a complex path designed to confuse trackers. According to Chainalysis, the funds were laundered through decentralized exchanges, cross-chain bridges, and even instant exchange services that do not require Know Your Customer (KYC) verification.

The complexity of Lazarus Group's money laundering behavior. Source: Chainalysis
Most of the ETH ended up being exchanged for Bitcoin and stablecoins such as Dai. In some cases, blockchain analysts were able to track these movements in real time. This allowed certain organizations that run these decentralized protocols, such as Chainflip, to thwart the perpetrators’ attempts to launder the stolen funds.
Throughout the laundering process, the hackers kept splitting the stolen funds into smaller pools, sending them to more and more wallets. The first “transfer” split the funds from one wallet into 42 wallets. The second “transfer” split the funds from 42 wallets into thousands.
The money laundered by the Bybit hackers so far is only a portion of the $1.5 billion. The Lazarus Group has another strategy to avoid the attention that comes with high-profile thefts: sit back and wait. Some wallets containing stolen funds (currently up to $900 million across all wallets) have been lying dormant as the group waits for the scrutiny to end.
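The splitting and waiting described above are both measurable from a transfer list. The following Python code is an added example, not from the original article, Nansen or Chainalysis: it counts how many wallets the funds reach at each hop and lists traced wallets still holding a balance after a period of inactivity. The ledger, wallet names and day numbers are constructed, and balances are followed naively (no taint accounting through exchanges or bridges).

```python
from collections import defaultdict

# Constructed sample ledger: (sender, receiver, amount, day). Not real data.
TRANSFERS = [
    ("theft", "a1", 40, 0), ("theft", "a2", 35, 0), ("theft", "a3", 25, 0),
    ("a1", "b1", 20, 1), ("a1", "b2", 20, 1),
    ("a2", "b3", 15, 2), ("a2", "b4", 10, 2),
    ("b1", "dex", 20, 3),
]

def trace(transfers, source):
    """Breadth-first trace: {wallet: hop distance from source}."""
    out = defaultdict(list)
    for src, dst, _amount, _day in transfers:
        out[src].append(dst)
    hops, frontier = {source: 0}, [source]
    while frontier:
        nxt = []
        for wallet in frontier:
            for dst in out[wallet]:
                if dst not in hops:          # first arrival sets the hop
                    hops[dst] = hops[wallet] + 1
                    nxt.append(dst)
        frontier = nxt
    return hops

def fan_out(hops):
    """Number of distinct wallets reached at each hop."""
    counts = defaultdict(int)
    for hop in hops.values():
        counts[hop] += 1
    return dict(sorted(counts.items()))

def dormant(transfers, hops, today, idle_days):
    """Traced wallets with a positive balance and no activity for idle_days."""
    balance, last_seen = defaultdict(int), {}
    for src, dst, amount, day in transfers:
        if src not in hops:                  # ignore flows unrelated to the trace
            continue
        balance[src] -= amount
        balance[dst] += amount
        for wallet in (src, dst):
            last_seen[wallet] = max(last_seen.get(wallet, day), day)
    return {w: balance[w] for w in hops
            if balance[w] > 0 and today - last_seen[w] >= idle_days}

if __name__ == "__main__":
    hops = trace(TRANSFERS, "theft")
    print("wallets per hop:", fan_out(hops))
    print("dormant holdings:", dormant(TRANSFERS, hops, today=10, idle_days=8))
```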
The nearly $1.5 billion hack is more than the group made in all of 2024: $1.3 billion in 47 attacks. The attack, the largest cryptocurrency heist ever, rallied the community behind Bybit and against the hackers. As the Lazarus Group faces increasing scrutiny, it continues to adapt to that intensity. As reported, its cyber warfare strategy remains one of the most lucrative and sophisticated in the world.