Hacker Shifts 62,200 ETH from Bybit: Entire Sum Might Deplete in 72 Hrs

North Korea's Lazarus Group Accelerates Laundering of Record $1.4B Crypto Hack Earnings from Bybit Exchange

Key Points

  • North Korea’s Lazarus Group is laundering stolen funds from Bybit, with 62,200 ETH ($138 million) moved on March 1.
  • The FBI has attributed the $1.5 billion hack to North Korea and is seeking assistance to block transactions related to the laundering.

    North Korea’s Lazarus Group has escalated its efforts to launder funds stolen from Bybit.
    This follows the largest crypto hack in history, amounting to $1.4 billion.
    On March 1, the cyberattackers transferred another 62,200 Ethereum (ETH).
    This leaves them with just 156,500 ETH from the original theft, as per an analysis by EmberCN.

    Details of the Laundering Operation

    The latest transfer means the total amount laundered is around 343,000 ETH.
    This is nearly 68.7% of the 499,000 ETH stolen during the Feb. 21 attack.
    EmberCN predicts that the hackers will clear the remaining funds within the next three days based on the current pace.

    This laundering is happening despite recent action by the Federal Bureau of Investigation (FBI).
    The FBI officially attributed the $1.5 billion hack to North Korea in a public service announcement on Feb. 26.

    The FBI announcement stated that North Korea was responsible for stealing approximately $1.5 billion in virtual assets from the cryptocurrency exchange Bybit on or about Feb. 21, 2025.
    This specific North Korean cyber operation has been designated as “TraderTraitor” by the FBI.

    The announcement reveals that TraderTraitor actors are moving swiftly.
    They have already converted parts of the stolen assets to Bitcoin and other cryptocurrencies scattered across thousands of addresses on multiple blockchains.
    FBI officials anticipate these assets will be further laundered and eventually converted to fiat currency.

    The FBI is actively seeking help from the private sector.
    It has asked RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block transactions linked to addresses the TraderTraitor actors are using to launder the stolen assets.

    The FBI has disclosed addresses connected to the hackers.
    Meanwhile, blockchain analytics firm Elliptic has stepped up monitoring efforts by flagging over 11,000 wallet addresses potentially related to the operation.

    Chainalysis reports that the hackers have used various mixing techniques to conceal the trail of stolen funds.
    They have also converted parts of the ETH into Bitcoin, DAI stablecoin, and other assets.
    The group has mainly used decentralized exchanges, cross-chain bridges, and instant swap services without Know Your Customer (KYC) requirements.
