The Lazarus Group of North Korea laundered another 62,000 Ether on March 1. The stolen funds, worth $138 million, came from the February 21 Bybit hack. A pseudonymous crypto analyst noted that this leaves only 156,500 Ether still to be moved.

EmberCN, an X user, said that hackers have moved an estimated 343,000 Ether out of the 499,000 Ether stolen in the $1.4 billion Bybit hack. The user expects the hackers to clear the remaining funds in the next three days.
The 343,000 Ether moved equates to 68.7% of the stolen funds, up from 54% on February 28.
Recently, EmberCN noted that laundering activities had slowed amid efforts by the U.S. Federal Bureau of Investigation. The FBI urged node operators, crypto exchanges, bridges, and others to block transactions linked to the Bybit hackers.
Blockchain analytics firm Elliptic has flagged over 11,000 crypto wallet addresses potentially linked to the hackers. Meanwhile, the FBI has identified and shared 51 Ethereum addresses operated by or connected to the Bybit hackers.
According to crypto forensics firm Chainalysis, the hackers converted portions of the stolen Ether into Bitcoin (BTC), the Dai (DAI) stablecoin, and other assets. They used decentralized exchanges, cross-chain bridges, and instant swap services that lack Know Your Customer (KYC) protocols.
The cross-chain asset swap protocol THORChain is among the protocols used. Developers behind the protocol have received heavy criticism for facilitating a significant share of the transfers made by North Korean hackers.
One of the developers of THORChain, known as ‘Pluto,’ said they would no longer contribute to the protocol after the community reverted a vote to block North Korean hacker-linked transactions.
John-Paul Thorbjornsen, founder of THORChain, told Cointelegraph that none of the sanctioned crypto wallet addresses listed by the FBI and the Treasury’s Office of Foreign Assets Control have interacted with the protocol. He also noted that he has stepped away from the cross-chain protocol.