In the recent Bybit platform hacking incident, the hackers used social engineering techniques and manipulated smart contracts to seize the funds. They managed to convince the Bybit team to execute a transaction through a fake user interface that looked completely legitimate: it displayed a trusted destination address and a URL belonging to the Safe platform, a popular tool for managing digital wallets. The transaction the team actually signed, however, contained malicious instructions that altered the logic of the cold wallet's smart contract, giving the attackers full control over the digital assets and letting them steal massive amounts of ETH without initially raising suspicion.
After the theft of the funds, the hackers converted them to Ethereum (ETH) via decentralized exchanges, making tracking the money more difficult. They also used cryptocurrency mixing services like THORChain to convert the stolen Ethereum to Bitcoin (BTC), further complicating the tracking process.
After the theft of funds from the Bybit platform, the hackers used several methods to launder the money to hide its illegal source and make it appear as clean money. Here are some steps they followed:
**Stages of Money Laundering:**
1. **Deposit Stage:**
   - The hackers deposited the stolen funds into different bank accounts or converted them to other cryptocurrencies via decentralized exchanges. This helps to obscure the original source of the funds.
2. **Concealment Stage:**
   - The funds were transferred between multiple accounts and mixed using cryptocurrency mixing services like THORChain. This step aims to complicate the tracking of the money and make it appear as if it comes from legitimate sources.
3. **Integration Stage:**
   - In this stage, the laundered money was used to purchase legitimate assets such as real estate or investments in shell companies. This helps to integrate the money into the legitimate economy and make it appear as legal profits.
**Additional Methods of Money Laundering:**
- **Using Cryptocurrencies:** Converting money into cryptocurrencies like Bitcoin and Ethereum, then converting them to other currencies or using them in business transactions.
- **Investing in Assets:** Purchasing valuable assets such as real estate or luxury cars and selling them later for clean money.
- **Shell Companies:** Creating shell companies and using them as a front to convert illegal money into legitimate funds.
The identities of the hackers who targeted the Bybit platform have been established. According to investigations, the North Korean "Lazarus Group" is responsible for this breach. The attribution was based on evidence linking the incident to a previous breach of the Phemex platform last January, which caused losses of $70 million.
So far, the members of the North Korean Lazarus Group have not been caught. Despite being identified by the FBI and facing sanctions, they remain active and continue to carry out cyberattacks and steal cryptocurrencies.