Beosin: Once the funds related to the Bybit exchange hacker attack enter the Tornado.cash mixer, the fund penetration analysis will be immediately initiated

Odaily reported that the Beosin security team has conducted an in-depth investigation and analysis of the stolen funds from the Bybit exchange hack. The research found that one of the addresses holding the stolen funds, 0x36ed3c0213565530c35115d93a80f9c04d94e4cb, transferred 5,000 ETH to the split address 0x4571bd67d14280e40bf3910bd39fbf60834f900a on UTC time 2025-02-22 06:28:23. The funds were then split into various amounts ranging from tens to hundreds of ETH and further transferred to multiple addresses at a frequency of a few minutes. Notably, some of the funds were attempted to be cross-chained to a BTC address bc1qlu4a33zjspefa3tnq566xszcr0fvwz05ewhqfq via Chainflip, indicating the hackers' efforts to further obscure the flow of the funds. Additionally, on UTC time 2025-02-22 07:44:47, the split address transferred 56.68 ETH to the blacklisted address 0x33d057af74779925c4b2e720a820387cb89f8f65, which is tagged as "Hacker: Phemex Hacker" in the Beosin database, and the "Phemex exchange $85 million theft incident" is known to be carried out by the notorious Lazarus Group. This key finding further corroborates the previous inference based on the attack pattern and similarities to the WazirX incident, suggesting that the Bybit exchange hack is highly likely related to the Lazarus Group. It is worth noting that in the Phemex incident, some of the stolen funds were transferred to mixers like Tornado Cash to obscure their trail. Regarding the Bybit incident, Beosin is fully prepared, and if the relevant funds enter the Tornado.cash mixer, Beosin will immediately initiate a fund tracing analysis. The dedicated task force is equipped with the latest version of the Tornado Cash penetration algorithm and has several professional analysts who have successfully completed fund tracing in similar cases, ensuring efficient tracking of the fund flows to provide strong support for subsequent actions. Currently, the Beosin security team is collaborating with the Bybit security team to track the stolen funds.