DPRK Profits Billions From Stolen Bybit Funds

A recent report reveals that the Bybit hackers have begun laundering a portion of the stolen funds through memecoins. Experts believe that this operation is tied to the North Korean group Lazarus.

Lazarus uses the Pump.fun platform on the Solana blockchain to legitimize the stolen assets. Investigations uncovered that the group transferred 50 SOL (approximately $8,000) to a wallet associated with the launch of the Qinshihuang token. Within a short period, the token’s capitalization soared to $3 million, with a daily trade volume exceeding $44 million.

The launch of Qinshihuang, as reported by @crptatlas, played a crucial role in this elaborate scheme.

The hackers used the real liquidity of Pump.fun users, blending it with stolen funds to increase turnover. Once the assets generated significant volume, the hackers sold the tokens, cashed in on the profits, and dispersed them across numerous wallets to make tracking difficult.

While the amount laundered is significantly less than the initial $1.46 billion stolen, analysts caution that this could just be a trial run. If successful, Lazarus might adopt this method in future operations.

A representative from Coinbase highlighted another concerning incident where an individual sent North Korea the memecoin “Lazerus,” which was exchanged for thousands of dollars in SOL. The specialist emphasized that engaging in any financial transactions with the DPRK is considered an international crime.

Further investigations have uncovered potential ties between Lazarus and multiple memecoins launched through Pump.fun. Researcher ZachXBT, who previously linked the group to the Bybit hack, identified over 920 wallets that received funds from stolen assets, which were later transferred to various exchanges and services.

Analysts point out that the use of memecoins and DeFi platforms is becoming an increasingly prevalent method for laundering illicitly obtained funds. Nevertheless, the rising scrutiny from law enforcement agencies and analysts could hinder hackers from continuing to exploit such schemes.
