Inside the Lazarus Group money laundering strategy
After Bybit’s hack, the Lazarus Group deployed its notorious money-laundering tactics — leaving a complex trail in the aftermath of yet another high-profile crypto heist.
In the post-mortem of the $1.5 billion Bybit hack, two blockchain research organizations — Nansen and Chainalysis — have revealed the Lazarus Group’s money laundering strategy, which includes swapping illiquid assets for liquid assets, creating a complex money trail, and letting certain wallets sit dormant to let scrutiny die down.
According to Nansen, the typical Lazarus Group strategy first involves swapping the illiquid assets into those that are more fungible and, therefore, easier to move. After the Bybit hack, the perpetrator converted at least $200 million in staked tokens into Ether (ETH), which can be moved much more easily onchain.
After this conversion from illiquid to liquid assets, the laundering process was carried out. To create obfuscation, the hacker used a maze of intermediate wallets to create a complex trail aimed at confusing trackers. According to Chainalysis, the funds were laundered through decentralized exchanges, crosschain bridges, and even instant swap services that do not require Know Your Customer (KYC) verification.
