North Korean Hackers Launder $1.4 Billion in Stolen Crypto, Raising New Challenges for Investigators

Sophia Steele

March 04, 2025

The hackers responsible for the largest crypto theft in history, stealing around $1.4 billion in Ethereum from crypto exchange Bybit, have taken the first steps in laundering the stolen funds. According to experts, the hackers have moved nearly all of the stolen cryptocurrency and converted most of it to Bitcoin, marking the initial phase of a sophisticated money laundering operation.

The hack, which occurred on February 21, resulted in the theft of 401,346 Ethereum, worth around $1.4 billion at the time. Blockchain monitoring firms, researchers, and the FBI have accused the North Korean government of being behind the attack. Since the digital robbery, the hackers have transferred the stolen Ethereum out of the dozens of crypto wallets they originally split the proceeds between and converted most of the funds to Bitcoin.

Tom Robinson, co-founder and chief scientist of crypto monitoring firm Elliptic, and Ari Redbord, a former federal prosecutor and senior Treasury official now at TRM Labs, confirmed that the hackers have taken steps to obscure the origins of the stolen cryptocurrency. Andrew Fierman, head of national security intelligence at blockchain monitoring firm Chainalysis, noted that the company is tracking around 90% of the stolen Bybit funds, with the majority converted to Bitcoin and held in approximately 4,400 addresses.

The remaining 10% of the stolen funds has been lost to fees, frozen, or moved through off-ramps, which are services that turn crypto into cash. During the initial phase of the laundering operation, the hackers relied heavily on THORSwap, a decentralized protocol that enables users to swap assets across different blockchains without the need for an intermediary. This rapid laundering process has demonstrated an "unprecedented level of operational efficiency" from the hackers, according to Redbord.

The scale and velocity of this operation present new challenges for investigators, as traditional anti-money laundering (AML) mechanisms struggle to keep pace with the high volume of illicit transactions. Redbord suggested that North Korea may have expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds.

However, experts emphasize that this is only the beginning for the hackers. They still need to find a way to benefit from the stolen funds, which will likely involve depositing the laundered Bitcoin into mixers. These mixers are designed to create doubt in the tracing process for investigators, making it more difficult to track the funds. While mixers usually receive a volume of a few million to $10 million a day, it is unclear whether they can continue to absorb the massive amount of money involved in this operation.

There is still hope for Bybit to recover some of the stolen funds, according to Robinson. It's likely that at least some of these funds will pass through exchanges, where they could potentially be frozen. Bybit has offered a total bounty of $140 million to anyone who can help trace the funds and freeze them, with the company paying 5% of the recovered funds to the entity that successfully freezes the funds and 5% to whoever first reports the funds in a way that leads to them being frozen. As of this writing, Bybit has awarded only $4.3 million to 19 bounty hunters.

The Bybit hack and subsequent laundering operation highlight the complexities and challenges of tracking and recovering stolen cryptocurrency. As the crypto landscape continues to evolve, it is essential for exchanges, investigators, and regulators to stay ahead of these sophisticated criminal operations and develop more effective strategies to combat money laundering and recover stolen funds.

Copyright © 2024 Starfolk. All rights reserved.