On March 1, the Bybit hackers significantly accelerated their laundering activities, transferring another 62,200 Ether, valued at $138 million, as U.S. authorities intensified efforts to thwart these illicit transactions. This heist was part of the notorious February 21 Bybit breach, where a total of 499,000 Ether was stolen. According to a crypto analyst known as EmberCN, about 343,000 Ether, representing 68.7% of the total stolen assets, had already been laundered, an increase from 54% the previous day, leaving around 156,500 Ether yet to be moved.
Despite attempts by the U.S. Federal Bureau of Investigation to halt these activities by urging node operators, crypto exchanges, and other platforms to block transactions linked to the hackers, a substantial amount of Ether remains to be laundered.
A blockchain analytics firm, Elliptic, has identified over 11,000 crypto wallet addresses potentially connected to the hackers. Meanwhile, the FBI has shared 51 Ethereum addresses tied to the Bybit hackers. It is suspected that the hackers have converted some stolen Ether into other digital assets such as Bitcoin and the stablecoin Dai, using decentralized exchanges and cross-chain services that bypass Know Your Customer protocols.
One such cross-chain protocol, THORChain, came under scrutiny for allegedly facilitating these illicit transfers. Following intense criticism and a proxy vote that attempted to block transactions linked to the North Korean hackers, one THORChain developer, “Pluto,” decided to cease their contributions to the protocol. John-Paul Thorbjornsen, the founder of THORChain, clarified his detachment from the current operations of the protocol, asserting that none of the addresses sanctioned by the FBI and the U.S. Treasury have interacted with it.
The Bybit hack, amounting to $1.4 billion, stands as one of the largest in the cryptocurrency industry, surpassing the losses from the Ronin bridge hack in March 2022.
