Bybit Hackers Laundered 70% of the Funds, Circle Faces Backlash

The North Korean Bybit hackers are nearing the final stages of laundering the stolen 499,000 ETH, worth approximately $1.5 billion. At their current pace, they could complete this process within the next three days.

Meanwhile, this comes amid criticism of USDC stablecoin issuer Circle for allegedly delaying action on blacklisting wallets linked to the attack.

North Korean Hackers Ramp Up Bybit Laundering Efforts

On March 1, the North Korean hackers moved another 62,200 ETH, valued at around $138 million, reducing the remaining unlaundered balance to 156,500 ETH.

According to crypto investigator EmberCN, who has been monitoring the transactions, the rapid movement of funds suggests the laundering process could be completed in a matter of days.

“Since the hacker resumed money laundering yesterday at 3 PM, they have laundered 62,200 ETH (worth $138 million). Out of the 499,000 ETH stolen from Bybit, only 156,000 ETH (worth $346 million) remain unlaundered. In about three more days, all of it should be fully laundered,” EmberCN wrote on X.

This confirms a report from blockchain intelligence firm TRM Labs, which noted that the attackers had “an unprecedented level of operational efficiency.”

According to the firm, the group employs a complex laundering strategy, using intermediary wallets, decentralized exchanges, and cross-chain bridges to disguise the movement of funds. These tactics make it increasingly difficult for investigators to track and recover the stolen ETH.

Meanwhile, the authorities have also taken note. On February 27, the FBI identified a North Korean-affiliated hacking collective known as TraderTraitor as the perpetrator of the Bybit attack.

In response, Bybit has launched a $140 million bounty program to incentivize individuals who can help track and freeze the stolen assets. So far, 16 people have received a combined total of $4.2 million for their contributions.

Circle Faces Criticism for Delayed Blacklist

Considering the rapid pace of the laundering activity, on-chain sleuth ZachXBT has criticized Circle for its delayed response in blacklisting hacker-controlled wallets.

He pointed out that the company took more than 24 hours to act, giving the attackers ample time to move the assets beyond reach.

ZachXBT also highlighted past incidents where Circle allegedly failed to freeze illicit funds promptly, referencing major crypto breaches such as the Ledger and Nomad Bridge hacks.

He argued that Circle, as a key stablecoin issuer, should take a more aggressive stance in blocking stolen funds instead of relying solely on law enforcement directives.

Circle’s CEO, Jeremy Allaire, defended the company’s position, dismissing claims of negligence. He stated that Circle only responds to direct requests from authorities.

“We will share a post on how we immediately respond to law enforcement and not front run the law with our own or market intelligence. I don’t think the market or users benefit if a private company makes their own judgements to seize funds without a direct law enforcement request,” Allaire added.

However, ZachXBT responded that waiting for legal clearance creates unnecessary delays, allowing hackers to execute their laundering schemes before action is taken.

“An ongoing attack impacting the entire ecosystem only has minutes for a blacklist. You know this and then push back for a court order from law enforcement which takes multiple days in a best case scenario. Your team completely made up this internal policy and it’s not required by law,” ZachXBT stated.

Security expert Taylor Monahan echoed these concerns, describing Circle’s handling of such incidents as inefficient. She also noted that delays in blacklisting stolen funds increase the likelihood that the assets become untraceable.

“You have a blocklist function because you have to. Grow up and use it. Freeze criminal funds, establish checks and balances, create accessible paths of recourse if it turns out bad and fix it quickly. This is dead simple,” Monahan said.

Additionally, she pointed out that victims of wrongful freezes often face extended legal battles to reclaim their funds due to Circle’s rigid policies.