North Korean Hackers Approach Final Stages of Laundering 499,000 ETH Amid Criticism of Circle’s Response Time

• North Korean hackers responsible for one of the largest crypto thefts are rapidly laundering stolen assets, putting pressure on exchanges and regulators.

• The laundering of the remaining 156,500 ETH is expected to be completed within a few days, raising concerns about security protocols in the crypto industry.

• “The group has demonstrated an unprecedented level of operational efficiency in laundering stolen funds,” noted a representative from TRM Labs.

North Korean hackers are on the verge of laundering the last of the 499,000 ETH stolen from Bybit, prompting a call for improved security measures in the crypto sector.

North Korean Hackers Ramp Up Bybit Laundering Efforts

As of March 1, the North Korean hacking group has maneuvered an additional 62,200 ETH, valued at approximately $138 million, leaving only 156,500 ETH unlaundered from the original haul of 499,000 ETH.

Crypto investigator EmberCN, who has been meticulously tracking these illicit movements, indicates that at the current laundering velocity, funds could be entirely hidden from authorities in just a few days.

“Since the hacker resumed operations yesterday at 3 PM, they have successfully laundered 62,200 ETH valued at $138 million. With this swift progress, it is projected that the remaining 156,500 ETH (equivalent to $346 million) will be laundered within the next three days,” EmberCN shared on X.

This aligns with insights from blockchain intelligence firm TRM Labs, which accurately described the attackers’ operational tactics as extraordinarily effective. The group has employed a sophisticated strategy that utilizes multiple intermediary wallets, decentralized exchanges, and cross-chain bridges to obscure the trail of stolen funds.

The FBI’s investigation has made significant strides. On February 27, they identified a North Korean hacking group, known as TraderTraitor, as the culprits behind the Bybit theft.

In response to this alarming breach, Bybit has taken proactive measures by initiating a $140 million bounty program aimed at rewarding informants who assist in locating the stolen funds. So far, the initiative has compensated 16 individuals with a total of $4.2 million for their valuable intel.

Circle Faces Criticism for Delayed Blacklist

Amid the auditors’ scrutiny, on-chain investigator ZachXBT has publicly criticized Circle, the issuer of the USDC stablecoin, for its slow response regarding the blacklisting of wallets associated with the hackers.

He highlighted that Circle took over 24 hours to blacklist these wallets, providing the attackers with a critical window to further relocate and obscure their stolen assets.

ZachXBT also pointed out a pattern, recalling previous incidents where Circle has delayed freezing illicitly obtained funds, notably during the breaches of Ledger and Nomad Bridge.

“As a primary stablecoin issuer, Circle should not rely merely on law enforcement requests but should proactively block suspected stolen funds,” he argued.

Circle CEO Jeremy Allaire countered by defending the company’s protocol. “Our approach is to act only upon direct requests from law enforcement. Premature actions, without legal backing, could cause more harm than good,” Allaire explained.

However, this stance drew further criticism from ZachXBT, who argued that such waiting periods allow for the laundering process to continue uninterrupted. “In cases like this, mere minutes count. Lawsuits or requests for court orders can indefinitely delay justice,” he stated.

Adding to this discourse, security expert Taylor Monahan criticized Circle’s handling of stolen fund freezes, branding the procedure as inefficient. Monahan warned that delays significantly diminish the chances that authorities can trace and recover stolen assets.

“Implement the blocklist function effectively; it’s essential for freezing illicit funds. The industry needs systems in place that can respond swiftly to crises,” Monahan urged.

She also mentioned that victims of wrongful fund freezes often endure extensive legal ramifications when attempting to reclaim their stolen assets, exposing a critical flaw in Circle’s response protocol.

Conclusion

As the situation surrounding the Bybit hack continues to unfold, the rapid laundering of stolen ETH highlights vulnerabilities within the cryptocurrency ecosystem. The criticism faced by Circle underscores the urgent need for greater accountability and faster responses from major stablecoin issuers. Moving forward, improving these response protocols could be essential in mitigating risks associated with cyber thefts and protecting user assets more effectively.