Inside the Lazarus Group money laundering strategy

After Bybit's hack, the Lazarus Group deployed its notorious money-laundering tactics — leaving a complex path in the aftermath of yet another high-profile crypto heist.

In the post-mortem of the $1.5 billion Bybit hack, two blockchain investigation organizations — Nansen and Chainalysis — have revealed the Lazarus Group’s money laundering strategy, which includes swapping illiquid assets for liquid assets, creating a complex money trail, and letting certain wallets be dormant to let scrutiny die down.

According to Nansen, the typical Lazarus Group strategy first involves swapping the illiquid assets into those that are more fungible and, therefore, easier to move. After the Bybit hack, the perpetrator converted at least $200 million in staked tokens into Ether (ETH), which can be moved much more easily onchain.

After this conversion from illiquid to liquid assets, the laundering process was carried out. To create obfuscation, the hacker used a maze of intermediate wallets to create a complex path aimed at confusing trackers. According to Chainalysis, the funds were laundered through decentralized exchanges, crosschain bridges, and even instant swap services that do not require Know Your Customer (KYC) verification.

The complexity of Lazarus Group’s laundering efforts. Source: Chainalysis

Much of the ETH was eventually swapped for Bitcoin (BTC) and stablecoins such as Dai (DAI). In some cases, blockchain analysts were able to track these movements in real time. That allowed certain organizations running these decentralized protocols, such as Chainflip, to block the perpetrator’s attempt to launder the stolen funds.

Throughout the laundering process, the hacker kept breaking the stolen funds into smaller pools sent to a growing number of wallets. The first “hop” divided the funds from one wallet to 42 wallets. The second “hop” went from 42 wallets into thousands.

So far, the money laundered from the Bybit hack is just a fraction of the $1.5 billion. Lazarus Group has another strategy to avoid the heightened attention that a high-profile heist brings: sit and wait. Some wallets with stolen money — a sum that across wallets currently amounts to $900 million — have remained dormant as the group bides its time for the scrutiny to die down.
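
The hop-by-hop splitting and the dormant wallets described above are both measurable on a transfer graph. The sketch below is an added example, not code from Nansen, Chainalysis or the original article; the transfer list, wallet names and service labels are constructed, and the fan-out is scaled down from the reported 1-to-42 split.

```python
from collections import defaultdict, deque

# Constructed sample transfers (src, dst, amount in ETH); not real addresses.
TRANSFERS = [
    ("theft", "a1", 400), ("theft", "a2", 400), ("theft", "a3", 200),
    ("a1", "b1", 150), ("a1", "b2", 150), ("a1", "b3", 100),
    ("a2", "b4", 200), ("a2", "b5", 200),
    ("b1", "dex", 150), ("b4", "bridge", 200),
    # a3, b2, b3 and b5 never send: funds are parked there.
]
SERVICES = {"dex", "bridge"}  # assumed labels for known service addresses


def trace_hops(transfers, seed, services=frozenset()):
    """Breadth-first trace: hop number -> wallets first reached at that hop."""
    out_edges = defaultdict(list)
    for src, dst, _ in transfers:
        out_edges[src].append(dst)
    depth = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if node in services:
            # Stop at services: their outflows mix unrelated users' funds.
            continue
        for dst in out_edges[node]:
            if dst not in depth:
                depth[dst] = depth[node] + 1
                queue.append(dst)
    hops = defaultdict(set)
    for addr, d in depth.items():
        hops[d].add(addr)
    return dict(hops)


def dormant_balances(transfers, hops, services=frozenset()):
    """Traced wallets that received funds but never sent any, with amount held."""
    traced = set().union(*hops.values()) - set(services)
    received, sent = defaultdict(int), defaultdict(int)
    for src, dst, amount in transfers:
        received[dst] += amount
        sent[src] += amount
    return {a: received[a] for a in traced if received[a] and not sent[a]}


if __name__ == "__main__":
    hops = trace_hops(TRANSFERS, "theft", SERVICES)
    for hop in sorted(hops):
        print(f"hop {hop}: {len(hops[hop])} wallets")
    print("dormant:", dormant_balances(TRANSFERS, hops, SERVICES))
```

Wallets returned by `dormant_balances` are the ones worth putting on a watchlist, since any later outgoing transfer from them restarts the trace.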

The nearly $1.5 billion hack is more than the group’s total haul in 2024 — $1.3 billion over 47 attacks. The attack stands as the biggest crypto heist of all time, one that rallied the community together in support of Bybit and against the hackers. As Lazarus Group faces increased scrutiny, it has continued to adapt. As Cointelegraph reported, its cyberwarfare strategy remains one of the most lucrative and sophisticated in the world.
