Lazarus Group Launders $605 Million in ETH
The cryptocurrency world has been shaken by a major cyberattack in recent weeks. Bybit, one of the world's leading crypto exchanges, was subjected to a massive hack attack worth approximately $1.4 billion on February 21, 2025. Analysis conducted after the incident revealed that the North Korea-linked Lazarus Group was behind the attack. What's even more remarkable is that the hackers managed to launder $605 million in Ethereum (ETH), equivalent to 54% of the stolen funds, in just one week.
How Was $605 Million in ETH Laundered?
According to data shared by on-chain analytics company Lookonchain, hackers used decentralized cross-chain protocols such as THORChain to hide the stolen Ethereum. Such protocols enable swaps between different blockchains, making it difficult for hackers to track assets.
It is known that the Lazarus Group used similar methods in its past attacks. It is reported that the group moves funds especially through decentralized exchanges (DEX) and mixer services. This situation once again reveals the inadequacy of security measures in the cryptocurrency ecosystem.
The Lazarus Group and its Threats to the Crypto Ecosystem
The Lazarus Group is known as a cybercrime network with ties to North Korea and has previously carried out many major crypto attacks. In particular:
Ronin Bridge Attack (2022): $625 million was stolen in the bridge attack belonging to the Axie Infinity ecosystem.
Harmony Horizon Bridge Attack (2022): $100 million in funds were seized.
Stake Hack (2023): $41 million in assets were stolen from the online betting platform Stake.
The Bybit attack is considered one of the largest operations of the Lazarus Group.
The Bybit attack reveals the security vulnerabilities of the crypto ecosystem and the advanced methods of cyber attackers. The Lazarus Group’s laundering of $605 million worth of Ethereum has once again revealed how effective money laundering mechanisms are and how difficult regulatory bodies face in this area.
In order to prevent similar attacks in the future, it has become a critical necessity for centralized and decentralized platforms to develop stronger security solutions.
Author: Besim Şen