Bybit Hackers Convert Over 209,384 ETH to Bitcoin via ThorChain, Making Funds Harder to Trace
Hackers responsible for the Bybit hack have converted over 209,384 ETH, approximately $480 million, into Bitcoin using ThorChain, according to Taylor ‘Tay’ Monahan, the Head of Security at MetaMask. A significant portion of these funds has gone through ThorChain, a decentralized cross-chain swapping platform.
This movement represents more than half of the 400,000 ETH stolen in the attack, which also includes 113,000 ETH in derivative tokens. Arkham Intelligence, a tracker of hacker-related wallets, has confirmed that $240 million has been converted into native Bitcoin through ThorChain.
The halt of a chain is an operational setting. It requires 3 node votes to be effective. 4 to be reversed. The vote was reversed within minutes. Decentralization in action.
The FBI has officially attributed the attack to the Lazarus Group, the North Korean hacking collective responsible for several major cyber attacks in the crypto industry. These cyber criminals use decentralized protocols to disperse funds across thousands of blockchain addresses, making their traceability more difficult.
ThorChain Under Fire
The ability of Lazarus to use ThorChain to launder funds has sparked tensions within the protocol’s community. Some developers and validators have tried to block the hack-related transactions, but ThorChain’s decentralized model quickly nullified these attempts.
When the majority of your flows come from the largest heist in history by North Korea, it becomes a matter of national security. It’s no longer a game.
Meanwhile, ThorChain has recorded a record volume of $737 million in transactions in a single day, fueled by the hackers’ swaps.
Some users rejoice in this, while validators clash over whether to maintain or stop the swaps.
Bybit Aims to Recover Funds
Faced with the magnitude of the theft, Bybit has stepped up its efforts to recover a portion of the stolen funds. The exchange initially offered a 10% reward to anyone who could return the funds. More recently, its CEO announced an additional 5% bonus for exchanges, bridges, and mixers that helped freeze the hackers’ assets.
However, some platforms like eXch, an exchange known for its lax KYC requirements, have disabled ETH and ERC-20 token swaps, limiting the hackers’ ability to transfer their funds.
A Sophisticated Strategy to Obfuscate Trails
Shortly after the Bybit cold wallet hack, Lazarus divided the funds into three distribution addresses before fragmenting them into dozens of new addresses. To avoid detection, they converted ETH derivatives (stETH, cETH) into ETH through Uniswap, Paraswap, and KyberSwap, before transferring the tokens to ThorChain and other bridges.
An Increased Risk for Decentralized Finance
The Bybit attack highlights the challenges of regulating and tracking financial flows in the DeFi space. Decentralized tools allow criminals to operate on a large scale while remaining elusive. The question remains whether ThorChain and other bridges will withstand the increasing pressure from regulators in the face of what could be one of the largest crypto money laundering cases in history.
