Uncovering Lazarus’ money laundering strategy

The article was written by Christopher Tepedino of CoinTelegraph and translated by Tao Zhu of Jinse Finance.

In an analysis of the $150 million Bybit hack, two blockchain research firms, Nansen and Chainalysis, have revealed the money laundering strategies of the Lazarus Group, including converting illiquid assets into liquid assets, creating complex fund flows, and keeping some wallets dormant to reduce scrutiny.

According to Nansen, a typical Lazarus Group strategy is to first convert illiquid assets into more fungible assets, making them easier to transfer. After the Bybit hack, the criminals converted at least $20 million in staked tokens into Ether, which can be more easily moved on-chain.

Once the illiquid assets have been converted into liquid ones, the laundering itself begins. To create confusion, the hackers routed the funds through a maze of intermediary wallets, building a complex path intended to throw off tracers. According to Chainalysis, these funds were laundered through decentralized exchanges, cross-chain bridges, and even instant swap services that do not require know-your-customer (KYC) verification. Most of the ETH was ultimately converted into Bitcoin and stablecoins like Dai.

In some cases, blockchain analysts were able to track these movements in real time, allowing some organizations running decentralized protocols (like Chainflip) to prevent the criminals from laundering the stolen funds.

Throughout the money laundering process, the hackers continuously split the stolen funds into smaller pools, sending them to an increasing number of wallets. The first "transfer" split the funds from one wallet into 42 wallets. The second "transfer" split the funds from 42 wallets into thousands.

So far, the funds the Bybit hacker has laundered are only a portion of the $150 million. The Lazarus Group has another strategy for avoiding the high-profile attention the theft has drawn: waiting it out. Some wallets holding the stolen funds (currently totaling over $90 million across all wallets) remain dormant, as the group waits for the scrutiny to die down.

This nearly $150 million hack is more than the group's entire revenue in 2024: $130 million from 47 attacks. The attack is the largest cryptocurrency heist in history, and it has united the community in support of Bybit and against the hackers.

As the Lazarus Group faces increasingly stringent scrutiny, it continues to adapt to this level of examination. As reported, its cyber warfare strategy remains one of the most profitable and sophisticated in the world.
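The fan-out, service exits and dormant wallets described above are what a tracer measures hop by hop. The following is an added example, not code from the article, Nansen or Chainalysis: a taint-first tracer run over constructed transfers, in which the wallet names, the `SERVICES` label set and the `dormant_after` threshold are all assumptions.

```python
from collections import defaultdict

# Constructed sample data: (block, sender, receiver, amount). Not real on-chain transfers.
TRANSFERS = [
    (100, "theft", "A1", 40.0),
    (100, "theft", "A2", 60.0),
    (105, "A1", "B1", 15.0),
    (105, "A1", "B2", 25.0),
    (106, "A2", "B3", 30.0),
    (107, "exchange", "B3", 5.0),   # unrelated clean deposit, carries no taint
    (110, "B1", "bridge", 15.0),    # funds leave through a labelled service
    (111, "B3", "C1", 32.0),        # only 30 of the 32 is tainted
]
SERVICES = {"bridge"}  # hypothetical labels for DEX / bridge / instant-swap addresses

def trace(transfers, source, stolen, head_block, dormant_after=50):
    """Follow stolen funds; return wallets per hop, dormant holders, service exits."""
    taint = defaultdict(float)   # tainted balance currently held by each wallet
    taint[source] = stolen
    hop = {source: 0}            # shortest hop distance from the theft wallet
    last_seen = {}               # block of each wallet's last tainted activity
    exits = defaultdict(float)   # tainted value handed to labelled services
    for block, src, dst, amount in sorted(transfers):
        moved = min(amount, taint[src])  # taint-first: tainted value leaves before clean
        if moved <= 0:
            continue
        taint[src] -= moved
        last_seen[src] = block
        if dst in SERVICES:
            exits[dst] += moved          # tracing stops here; follow up with the service
            continue
        taint[dst] += moved
        hop[dst] = min(hop.get(dst, hop[src] + 1), hop[src] + 1)
        last_seen[dst] = block
    per_hop = defaultdict(int)
    for depth in hop.values():
        per_hop[depth] += 1
    # Dormant: still holds tainted value and has been idle for dormant_after blocks.
    dormant = {w: bal for w, bal in taint.items()
               if bal > 0 and head_block - last_seen.get(w, 0) >= dormant_after}
    return dict(per_hop), dormant, dict(exits)

if __name__ == "__main__":
    fanout, dormant, exits = trace(TRANSFERS, "theft", 100.0, head_block=160)
    print("wallets per hop:", fanout)
    print("dormant holders:", dormant)
    print("service exits:  ", exits)
```

The wallets-per-hop count is the small-scale analogue of the 1 to 42 to thousands split, and the dormant set is the watchlist that matters once the group starts moving funds again.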
