lazarusholic

Bybit exploit six months on: Novel laundering tactics, techniques and procedures and the looming threat of DPRK

2025-08-21, Elliptic
https://www.elliptic.co/blog/bybit-exploit-six-months-on
#Bybit #MoneyLaundering

Contents

- August 21st marks six months since the infamous Bybit exploit
- Here we discuss some of the laundering methodologies and tactics observed, including use of refund addresses, cross-chain laundering, mixers, and the creation of new, worthless tokens

On February 21st 2025, Dubai-based exchange Bybit fell victim to the largest confirmed crypto theft in history. Across just two transactions, approximately $1.46 billion in Ether (ETH) and ERC-20 tokens were transferred to a single attacker-controlled address. Elliptic was one of the first to publicly call the exploit a North Korean act.

In our February blog we explained how initial stolen assets were distributed across multiple addresses for the first stage of laundering. In this article we’ll discuss some of the other techniques and methods employed to launder the funds to eventual endpoints, with a particular focus on those which differed from North Korea’s usual laundering tactics, techniques and procedures.

zeroShadow’s recent report indicates that over …