The North Korean Lazarus Group, responsible for the $1.4 billion theft, is using Cryptomixer and Wasabi Wallet to cover the fund traces.
According to blockchain analytics firm Elliptic, the hackers behind the Bybit attack have initiated the laundering process of the stolen funds using mixers and CoinJoin transactions. The company revealed that the North Korean Lazarus Group has started moving part of the stolen money through wallets and services that enhance transaction privacy.
Elliptic confirmed that the hackers are using Cryptomixer and Wasabi Wallet after previously converting the stolen ETH into Bitcoin through the eXch exchange. This move likely represents the final phase of their plan to make the stolen funds, estimated at $1.4 billion, untraceable.
In its report, Elliptic stated:
“As seen in other North Korea-related thefts, these bitcoins have now started moving through mixers to further obscure transaction trails. This process has just begun, but stolen assets worth hundreds of thousands of dollars have already been sent through Cryptomixer and Wasabi Wallet.”
Cryptomixer, active since 2016, is a centralized mixer where users deposit their bitcoins into a pool controlled by the operator and then withdraw them, minus fees, using different addresses. In contrast, Wasabi Wallet is a non-custodial, privacy-focused wallet that uses CoinJoin transactions to obfuscate transaction paths.
So far, only hundreds of thousands of dollars have been moved through the mixers. Meanwhile, efforts continue to recover as much of the stolen Bybit funds as possible. According to the latest report by on-chain investigator ZachXBT, $43,000 linked to the attack have been frozen on OKX thanks to cooperation with the exchange’s team.
