Criminal Organization Lazarus Group Launders Stolen $1.5B from Bybit Hack through THORChain Decentralized Exchange
In the aftermath of the major hack on cryptocurrency exchange Bybit in early 2025, the situation continues to unfold. The stolen funds, amounting to approximately $1.4 billion in Ethereum, have been traced, with the majority remaining in circulation.
According to Bybit Co-founder and CEO, Ben Zhou, 77% of the stolen funds remain traceable, while 20% are unaccounted for, and 3% have been frozen. The laundered funds were primarily transferred into Bitcoin (BTC) from Ethereum (ETH). A significant portion, 361,255 ETH or $900 million (72%), was processed through THORChain, with transactions remaining traceable.
The North Korean hacker group Lazarus Group has been identified as the main suspect behind the Bybit hack. They are believed to have laundered the funds through THORChain within two weeks, converting and mixing them via cross-chain swaps and crypto mixers. This allowed the hackers to retain possession of most of the proceeds.
Several entities have assisted Bybit in freezing the stolen funds. Eleven entities, including Mantle, Paraswap, and ZachXBT, played key roles. Seven exchanges have cooperated with Bybit in the effort, while one-Xch, a no-KYC swap service, has refused to freeze assets connected to the hack.
Bybit has introduced a tracking website to monitor the movement of its stolen funds and is offering a bounty to those who assist in freezing them. To date, a total of $2,178,797 USDT has been distributed to 11 bounty hunters for their contributions.
The THORChain protocol, a decentralized cross-chain liquidity protocol, processed over $5.5 billion in transaction volume following the Bybit hack. Despite surpassing $5 million in revenue, the protocol has come under scrutiny for its involvement in processing illicit transactions.
The Lazarus Group's alleged laundering of funds has not been without controversy. On February 28, a developer known as "Pluto" resigned after a decision to block transactions linked to North Korean hackers was overturned. On March 4, crypto commentator Yogi alleged that THORChain played a role in laundering $605 million linked to North Korea.
However, supporters of THORChain argue that, as an open-source and decentralized protocol, it operates independently and does not function as a law enforcement entity. This raises questions about the responsibility and accountability of such decentralized platforms in the face of criminal activity.
As the investigation continues, the cryptocurrency community and law enforcement agencies alike will be closely watching the developments surrounding the Bybit hack and the role of THORChain in the laundering of stolen funds.
Read also:
- Mural at blast site in CDMX commemorates Alicia Matías, sacrificing life for granddaughter's safety
- Microsoft's Patch Tuesday essential fixes: 12 critical vulnerabilities alongside a Remote Code Execution flaw in SharePoint
- Russia intends to manufacture approximately 79,000 Shahed drones by the year 2025, according to Ukraine's intelligence.
- Dynamic interplay of power and communication channels set the course for the network's new era
