The $1.5 billion hack of the Bybit exchange, believed to have been carried out by North Korean hacker group Lazarus, is entering a large-scale money laundering phase. According to the latest report, the hackers used ThorChain, a decentralized trading platform, to launder over $240 million, raising concerns about the security of the crypto ecosystem.

Lazarus Launders Money Through ThorChain
Data from Arkham Intelligence shows that the hacker group transferred at least 209,384 ETH (about $480 million) to Bitcoin, accounting for more than half of the 400,000 ETH stolen. Of this, more than $240 million was laundered through ThorChain, a decentralized cross-chain swap platform. Swapping ETH to Bitcoin helped Lazarus hide its tracks, making it extremely difficult to trace.

According to security expert Taylor Monahan from MetaMask, the hacker made 3,934 cross-chain transactions in just 115 hours after the hack, at a rate of about $3.23 million per hour. In addition to ThorChain, Lazarus also used the decentralized exchange eXch, which had previously refused to cooperate. However, under pressure from the community, eXch disabled ETH and ERC-20 swaps to limit the hacker's ability to launder money.

In response, Bybit offered a 5% reward for the value of stolen assets to exchanges, bridges, and mixers that freeze the funds, while maintaining a 10% reward for anyone who can help recover the assets.

Community Criticizes ThorChain, Lead Developer Resigns
The incident has made ThorChain the center of controversy as the platform failed to take measures to prevent the flow of stolen funds. On February 26 and 27, the transaction volume on ThorChain skyrocketed to $859 million and over $700 million, most of which came from the Bybit hacker's flow.

Some ThorChain developers and validators expressed concerns about the platform becoming a tool for cybercriminals to legitimize stolen assets, putting the project at risk of being subject to closer regulatory scrutiny. Three validators on ThorChain voted to block transactions from the Bybit hacker, but the decision was quickly reversed due to the network's decentralized consensus mechanism.

Under pressure from the community, Mr. Pluto - the lead developer of ThorChain - announced his resignation and left the project.

Lazarus’ Sophisticated Money Laundering Strategy
Immediately after stealing assets from Bybit, the Lazarus hackers split the funds into three main wallets, then continued to disperse them into dozens of new wallets to make it difficult to trace. The group also converted ETH derivatives (stETH, cETH) into ETH through DEXs such as Uniswap, Paraswap, and KyberSwap.

Not only did the hackers swap ETH for Bitcoin, they also used various networks such as Arbitrum, Solana, and BNB Smart Chain to further disperse the assets. In addition, the group also took advantage of cross-chain bridges and decentralized exchanges (DEXs) to hide the flow of funds, making asset recovery even more challenging.

Conclusion
The Bybit hack is becoming one of the largest money laundering campaigns in crypto history. The Lazarus group continues to employ the tactic of spreading assets across multiple platforms, taking advantage of cross-chain bridges like ThorChain to hide their tracks. This has sparked a heated debate in the community between protecting the decentralization of ThorChain and concerns about the risk of the platform becoming a tool for cybercriminals.

Although the FBI has confirmed that the Lazarus group was behind the attack, tracing and recovering the stolen assets remains a major challenge for Bybit and investigative agencies. In the context of the growing popularity of cryptocurrencies, this incident raises the thorny issue of cybersecurity and the responsibility of decentralized platforms in combating large-scale money laundering activities.