Ben Zhou, CEO of cryptocurrency exchange Bybit, said 27.95% of the funds lost in the $1.4 billion exploit carried out by North Korea's Lazarus Group have gone dark or are difficult to trace.
“The total hacked funds of US$1.4 billion were around 500 KETH. 68.57% were traceable, 27.59% were dark and 3.84% were frozen.”
The untraceable funds moved into mixers and then via bridges to P2P (peer-to-peer) and OTC (over-the-counter) platforms, Zhou said, mentioning the use of Wasabi, a crypto mixer, to wash a certain amount of BTC.
The malicious entities then performed multiple cross-chain swaps via THORChain, eXch, Lombard, LiFi, Stargate and SunSwap, with the final stage converting these illegal funds into more liquid assets.
The North Korea-linked Lazarus Group hacked Bybit in February, stealing 500,000 ether (ETH) by “controlling certain ETH cold wallets and moving all ETHs in the cold wallet to this unidentified address.”
Forensics reveal that a total of 432,748 ETH, accounting for 84.45% of the hacked funds, was converted from ether to Bitcoin via THORChain. In particular, 67.25% of these funds, or 342,975 ETH (approximately $960.33 million), were converted to 10,003 BTC and distributed across 35,772 wallets, with an average of 0.28 BTC per wallet.
Additionally, 1.17% of the funds, or 5,991 ETH (approximately $16.77 million), remain on the Ethereum blockchain, hidden in 12,490 wallets.
Finally, the Lazarus Bounty Initiative received 5,443 reports in two months, of which 70 were considered valid. Zhou said the exchange would require “more bounty hunters who can decode the mixer because they need a lot of help going down the road.”