In the recent Bybit platform hack, the hackers used social engineering techniques and manipulated smart contracts to seize the funds. They managed to convince the Bybit team to execute a transaction through a fake user interface that appeared completely legitimate, which included a trusted address and a URL belonging to Safe, a popular digital wallet management tool. When the transaction was executed, the code contained malicious instructions that altered the logic of the cold wallet smart contract, giving the attackers full control over the digital assets and allowing them to steal huge amounts of ETH without initially raising suspicion.
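A pre-signing check for the situation described above, as an added example that is not from the original article or from Safe's or Bybit's code: it compares the fields the interface displayed with the fields decoded independently from the payload sent to the signing device, and rejects a delegatecall (Safe `operation` value 1, which runs the target's code against the wallet's own storage) to any unapproved target. The addresses, allowlists, sample transactions and the function name `review_safe_tx` are assumptions constructed for illustration.

```python
# Added example: independent pre-signing review of a Safe multisig transaction.
# Addresses, allowlists and sample transactions are constructed, not real data.
CALL, DELEGATECALL = 0, 1  # Safe's Enum.Operation values

# Hypothetical policy for this wallet.
ALLOWED_TARGETS = {"0x" + "aa" * 20}   # contracts the wallet may call
ALLOWED_SELECTORS = {"0xa9059cbb"}     # ERC-20 transfer(address,uint256)
DELEGATECALL_TARGETS = set()           # no delegatecall target is approved

FIELDS = ("to", "value", "data", "operation")

def norm(v):
    """Lower-case hex strings so comparisons ignore checksum casing."""
    return v.lower() if isinstance(v, str) else v

def review_safe_tx(displayed, raw):
    """Return a list of findings; an empty list means the policy passes.
    displayed: fields the signing UI showed to the operator.
    raw: fields decoded independently from the payload to be signed."""
    findings = []
    for f in FIELDS:
        if norm(displayed.get(f)) != norm(raw.get(f)):
            findings.append(f"mismatch:{f}")
    to = norm(raw["to"])
    if raw["operation"] == DELEGATECALL:
        if to not in DELEGATECALL_TARGETS:
            findings.append("delegatecall-to-unapproved-target")
    elif raw["operation"] != CALL:
        findings.append("unknown-operation")
    elif to not in ALLOWED_TARGETS:
        findings.append("unapproved-target")
    data = norm(raw["data"])
    if data not in ("", "0x") and data[:10] not in ALLOWED_SELECTORS:
        findings.append("unapproved-selector")
    return findings

# Constructed sample: what the UI showed versus what would actually be signed.
SHOWN = {"to": "0x" + "AA" * 20, "value": 0,
         "data": "0xa9059cbb" + "00" * 64, "operation": CALL}
SIGNED = dict(SHOWN, to="0x" + "bb" * 20, operation=DELEGATECALL)

if __name__ == "__main__":
    print(review_safe_tx(SHOWN, SHOWN))   # matching, in-policy transaction
    print(review_safe_tx(SHOWN, SIGNED))  # tampered payload
```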
After stealing the funds, the hackers converted them to Ethereum (ETH) through decentralized exchanges, making it more difficult to trace the money. They also used cryptocurrency mixing services like THORChain to convert the stolen Ethereum into Bitcoin (BTC), further complicating the tracing process.
After the theft from the Bybit platform, the hackers used several methods to launder the funds, hiding their illegal source and making them look like clean money. Here are some steps they followed:
**Stages of Money Laundering:**
1. **Deposit Stage:**
   - The hackers deposited the stolen funds into various bank accounts or converted them into other cryptocurrencies through decentralized exchanges. This helps to hide the original source of the funds.
2. **Concealment Stage:**
   - The money was transferred between multiple accounts and cryptocurrency mixing services like THORChain were used. This step aims to complicate the tracking of the funds and make them appear as if they come from legitimate sources.
3. **Integration Stage:**
   - At this stage, the laundered money was used to purchase legitimate assets such as real estate or investments in shell companies. This helps to integrate the funds into the legitimate economy and makes them appear as legal profits.
**Additional Methods for Money Laundering:**
- **Using Cryptocurrencies:** Converting money into cryptocurrencies like Bitcoin and Ethereum, then converting them into other currencies or using them in business transactions.
- **Investing in Assets:** Buying valuable assets such as real estate or luxury cars and later selling them for clean money.
- **Shell Companies:** Creating shell companies and using them as a front to convert illegal funds into legitimate money.
The hackers who targeted the Bybit platform have been identified. According to investigations, the North Korean "Lazarus Group" is responsible for this breach. The investigations were based on evidence linking the incident to a previous breach of the Phemex platform last January, which resulted in losses of $70 million.
So far, members of the North Korean Lazarus Group have not been apprehended. Despite being identified by the FBI and sanctioned, they remain active and continue to carry out cyberattacks and steal cryptocurrencies.


