North Korea’s Lazarus Group Continues Crypto Laundering Despite US Crackdown
Hackers linked to North Korea’s Lazarus Group have resumed laundering funds from the recent Bybit hack, moving an additional 62,200 Ether (ETH) worth approximately $138 million on 1 March. This brings the total laundered amount to 343,000 ETH, leaving only 156,500 ETH yet to be moved, according to crypto analyst EmberCN.
The latest movement of funds marks an increase in laundering activity, with 68.7% of the stolen assets now transferred, up from 54% on 28 February. The hack, which took place on 21 February, saw a staggering $1.4 billion stolen from the cryptocurrency exchange Bybit, making it the largest exploit in the industry’s history.
US Authorities Struggle to Block Transactions
Despite efforts by US authorities to curb laundering attempts, the hackers have managed to bypass restrictions. The Federal Bureau of Investigation (FBI) has been actively working with crypto exchanges, blockchain node operators, and cross-chain platforms to prevent transactions linked to the exploiters.
The FBI recently released a list of 51 Ethereum wallet addresses suspected to be controlled by the Bybit hackers. Meanwhile, blockchain analytics firm Elliptic has identified over 11,000 crypto wallet addresses potentially associated with the group.
 The Bybit hacker still has another $346 million of Ether left to launder, should they choose. Source: EmberCN
Forensics firm Chainalysis reported that the hackers have been converting portions of the stolen ETH into Bitcoin (BTC), Dai (DAI), and other assets using decentralized exchanges, cross-chain bridges, and instant swap services that do not enforce Know Your Customer (KYC) protocols.
THORChain Under Fire for Enabling Transfers
Among the platforms implicated in the laundering process is THORChain, a cross-chain asset swap protocol. The project has faced mounting criticism for allegedly facilitating a significant portion of the illicit transfers.
One of THORChain’s developers, known as “Pluto,” has stepped away from the project following a controversial vote that overturned an earlier decision to block transactions linked to North Korean hackers. The platform’s founder, John-Paul Thorbjornsen, has also distanced himself, stating that he no longer has any involvement with the protocol. However, he emphasised that none of the crypto wallet addresses sanctioned by the FBI or the US Treasury’s Office of Foreign Assets Control (OFAC) have directly interacted with THORChain.
The Largest Crypto Hack in History
The Bybit hack has surpassed the infamous $650 million Ronin Bridge exploit of 2022, making it the most significant crypto-related theft to date. As the laundering process accelerates, analysts expect the remaining funds to be cleared within the next few days.
With law enforcement agencies struggling to track and block these illicit transactions, concerns continue to grow over the effectiveness of regulatory measures in preventing large-scale crypto thefts. The case also raises questions about the role of decentralised financial protocols in enabling cybercriminals to move stolen assets undetected.
