Bybit Hack: Lazarus Group’s Cash-Out Process May Take Years

Column

February 22, 2025 10:25 AM

In Brief:
Lazarus Group reportedly converted stolen ERC20 tokens into ETH before swapping to BTC.
The stolen BTC will be gradually cashed out through Asian exchanges over several years.

Following the $1.5 billion Bybit hack, blockchain analysts suggest that North Korea’s Lazarus Group is behind the attack. Reports indicate the group follows a three-step laundering process: first, ERC20 tokens are converted to ETH; second, ETH is swapped for BTC; and finally, BTC is slowly cashed out into fiat currency through Asian exchanges.

This method allows Lazarus to avoid immediate detection and extends the selling process over years, minimizing market impact. The prolonged liquidation strategy highlights the group’s expertise in obfuscating transactions while funding illicit activities.

Disclaimer: Backdoor provides informational content only, it is not offered or intended to be used as legal, tax, investment, financial, or other advice. Investments in digital assets involve risk, and past performance does not guarantee future results. We recommend conducting your own research before making any investment decisions.