Stolen Crypto Shenanigans: How a Hacker Played Hide and Seek with $605M

Lo and behold, the Bybit bandit—a rogue of our digital age—danced with the ether of $605 million, a sum so lavish it could fund a small revolution, or at least a very extravagant dinner party. Remarkably, this schemer managed to sluice away over 50% of the ill-begotten booty in less than a week! All this, while diligent onchain sleuths furrowed their brows in pursuit of the enigma, as if they were tracking a recalcitrant cat that refused to come home.

Ah, centralized crypto exchange Bybit! On that fateful February 21, it became the grand stage for a heist of epic proportions, eclipsing its predecessors with a thundering loss of $1.4 billion—a true record that would make any seasoned thief’s heart swell with pride.

According to the oracle known as Lookonchain, who seems to know everything except where their socks go, our Bybit bandit has toyed away with a staggering 270,000 $ETH—a mere $605 million, or over 54% of the total sum snatched from the unsuspecting exchange. Their stunning report glowed resplendently on February 28:

“So far, the #Bybit hacker has laundered 270K $ETH($605M, 54% of the stolen funds) and still holds 229,395 $ETH($514M).”

Our tale of intrigue spills over further, wrapping its tentacles around North Korea’s notorious Lazarus Group—yes, the very same crew identified as the principal puppeteers behind this brazen exploit. If only blockchain analytics firms had donned their detective hats sooner!

Our digital outlaw employed the elaborate dance steps of the crosschain asset swap protocol THORChain, with a volume soaring past the $1 billion mark post-heist—a figure that would send any crypto enthusiast into a frenzy of envy and disbelief, as CryptoMoon so aptly chronicled on February 27.

But wait! A storm brews on the horizon as controversy brews like a cheap coffee. The scuttlebutt surrounds THORChain’s ability to cloak illicit North Korean funds, leading to an uproar that could put a soap opera to shame.

THORChain’s Titanic Trouble: A Developer Waves Goodbye!

Some onlookers—those who feast on the drama of the scene—have criticized THORChain’s privacy functions for acting like a welcome mat for North Korean mischief-makers. Shortly after our protagonists voted to block transactions linked to North Korean hackers, a key THORChain developer, affectionately monikered “Pluto,” unveiled their exit strategy.

“Effective immediately, I shall no longer be contributing to THORChain,” this digital David announced on February 27, adding a flavor of theatrics to the unfolding saga. Their promise to remain “available” for a proper hand-off generously oozed of classic nobility.

As Pluto vacated the scene, the THORChain validator “TCB” chimed in, announcing their intention to wave goodbye if a solution to curtail those pesky NK funds wasn’t rolled out swiftly enough. A virtual cry for action, indeed!

Meanwhile, our good old FBI heroes have taken on the mantle of digital watchdogs, advising crypto validators and exchanges to sever ties with the notorious Lazarus Group. A gallant move, but one that feels like locking the barn door after the horse has bolted.

In his infinite wisdom, the THORChain founder, John-Paul Thorbjornsen, retorted that he wasn’t entangled in this web of intrigue but echoed that “none of the sanctioned wallet addresses” had graced THORChain with their presence. A real conundrum, as he mused about the swift movements of the actor in question, who, like a magician, vanished before anyone could say “blockchain!”

Read More

2025-02-28 14:49