The attacker behind the massive Bybit exploit has already laundered 18% of the stolen funds in just 60 hours.

They are reportedly using THORChain for cross-chain swaps, moving at breakneck speeds to convert ETH into other crypto assets.

$224 Million Laundered

In a social media post published on February 25, blockchain analysis firm EmberCN revealed that in the past two and a half days, the hacker successfully laundered 89,500 ETH, valued at about $224 million. This represents approximately 18% of the nearly 500,000 ETH stolen from Bybit in the incident that happened on February 21.

On-chain data also shows the criminal made most of these transactions through THORChain, a decentralized cross-chain exchange known for its anonymity. Previously, blockchain investigator ZachXBT had claimed at least $35 million had been laundered via eXch, an accusation vehemently denied by the non-KYC exchange.

According to Arkham Intelligence, the perpetrator is making transfers relentlessly, executing two to three per minute. The crypto analytics platform also noted that the attacker takes a scheduled 15-minute break every 45 minutes, which could suggest they are manually laundering the stolen funds.

Given their pace, observers predict the bad actor could convert the remaining coins into other cryptocurrencies, such as BTC and DAI, within the next fortnight.

Elsewhere, the FBI has placed North Korean citizen Park Jin Hyok on a wanted notice on allegations of being associated with the Lazarus Group, a cybercrime outfit linked to the Pyongyang administration. Various security experts have attributed the record-shattering Bybit exploit to the group.

Hyok is said to have been involved in various past attacks on crypto platforms, including the $625 million Ronin Bridge heist in 2022 and the $100 million attack on Harmony Bridge in the same year.

Bybit Ramping Up Recovery Process

Meanwhile, Bybit CEO Ben Zhou has stated that the exchange is working on a solution to track and recover the stolen funds. It has released an API to enable the blacklisting of suspicious wallets linked to the attack.

Further, law enforcement authorities, cybersecurity companies, and industry experts are reportedly collaborating to track the hacker’s movements and prevent further illicit conversions of the stolen money.

The platform has also engaged blockchain forensic firm zeroShadow to help trace the assets in real-time and freeze them where possible.