Hackers who stole approximately $1.4 billion in cryptocurrency from crypto exchange Bybit have moved almost all of the stolen proceeds and converted them into Bitcoin, in what experts call the first phase of the money laundering operation.
On February 21, Bybit said that a “sophisticated attack” against one of the company’s wallets had led to the theft of 401,346 Ethereum, worth around $1.4 billion at the time, in what was the largest crypto theft in history and perhaps the largest heist of any kind. Blockchain surveillance companies and researchers, as well as the FBI, accused the North Korean government of being behind the hack.
Since the digital heist, the hackers have moved all the Ethereum they stole out of the dozens of crypto wallets across which they originally divided the proceeds, and converted most of the funds into Bitcoin, according to Tom Robinson, co-founder and chief scientist of the crypto surveillance company Elliptic; and Ari Redbord, a former federal prosecutor and senior Treasury official who is now head of policy at TRM Labs, also a blockchain surveillance company.
Andrew Fierman, Head of National Security Information at the blockchain surveillance company Chainalysis, told TechCrunch that the company has traced approximately 90% of the stolen funds: “The majority was converted to [Bitcoin] and is held in approximately 4,400 addresses.”
“The remaining ~10% of stolen funds were lost due to fees / freezes / off-ramps,” said the company. Off-ramps are services that convert crypto into cash.
During this first phase, between February 24 and March 2, the North Korean hackers took steps to obscure the origins of the stolen cryptocurrency. According to Redbord, the hackers did so by relying mainly on Thorswap, a decentralized protocol that allows users to exchange assets across different blockchains “without the need for an intermediary”.
These laundering steps, said Redbord, have shown an “unprecedented level of operational efficiency” on the part of the hackers.
“This rapid laundering suggests that North Korea has been expanding its money laundering infrastructure, or that underground financial networks, especially in China, have strengthened their ability to absorb and process illicit funds,” said Redbord. “The scale and speed of this operation present new challenges for investigators, because the traditional anti-money laundering (AML) mechanisms have trouble keeping pace with the high volume of illicit transactions.”
At the same time, Redbord and Robinson said this was just the beginning for the hackers.
“They still have a way to go to benefit from these funds,” Robinson told TechCrunch.
Redbord explained that, for the moment, the second phase consists of depositing “an initial tranche” of the stolen funds – now Bitcoin – into mixers, which are designed to “create a doubt in the tracing process” for investigators. Crypto mixers (or tumblers) are services designed to obscure the origin and destination of someone’s cryptocurrency by mixing it with the funds of other users.
“Until this point, anyone with patience and the will could follow the flow of relay funds. The mixers, however, are major obstacles for most investigators,” said Robinson.
Redbord, however, noted that mixers generally receive a volume of a few to $10 million a day, therefore “whether these mixers can continue to absorb the amount of money in play is an open question.”
In other words, while the hackers made off with a record haul from Bybit, it is still not known how much of it they will be able to convert into cash.
But there is still hope that Bybit could recover some of it, according to Robinson.
“It is likely that at least some of these funds will go through exchanges, where they could potentially be frozen,” said Redbord. “It is simply a question of knowing whether these exchanges are aware quickly enough that they are handling stolen assets.”
After the hack, Bybit offered a total bounty of $140 million to anyone who could help trace the funds and freeze them, a process that prevents anyone from accessing the funds. The company said that it would pay 5% of the funds recovered to “the entity that has successfully turned the funds” and 5% to whoever first reported the funds and led to them being frozen. To date, Bybit has awarded only $4.3 million across 19 bounties, according to the official bounty page.
Bybit did not respond to a request for comment.