The largest security breach of 2025, which resulted in $1.5 billion being stolen from crypto exchange Bybit, fueled one of the fastest laundering campaigns the industry has ever seen, a coalition led by incident response group zeroShadow stated in a joint announcement.
The laundering campaign — linked to TraderTraitor, a subgroup of the Lazarus Group — has successfully bypassed the crypto community’s defences, such as wallet blacklists, tracing tools, and bounty programs, in less than six months.
The blockchain security experts say the stolen funds are being transferred almost immediately “into the hands of mainly Chinese money launderers,” adding that launderers split the funds into small transactions and utilize decentralized services to evade detection.
“They do not move large amounts of funds at once, splitting transactions into as little as $30K each so that a freeze is not going to be overly impactful. In fact, out of 11,633 wallets used to launder the funds from the Bybit hack, only 5% of wallets ever held $1M or more,” zeroShadow said.
Global Risks
The experts emphasized persistent challenges in stopping crypto thefts, including slow responses to law enforcement warnings, limited cooperation from some crypto services, and reliance on jurisdictional loopholes.
The group also pointed to an “over-reliance on law enforcement,” as many crypto businesses refuse to act unless compelled by authorities, even when civil court orders are in place.
“This is a significant global risk because of the speed at which North Korea is able to exfiltrate stolen funds off-chain for their weapons and nuclear programs,” zeroShadow noted.
Bybit co-founder Ben Zhou says the firm has strengthened its security since the February attack, adding that “we can no longer operate in silos when responding to these challenges.”
Lazarus Bounty Website – Bybit
As of press time, data from the Lazarus Bounty website — created by Bybit to track the stolen funds and offer rewards for their recovery — shows that over 80% of the stolen funds have gone dark, a 20% increase since early July.
In late February, hackers intercepted what was supposed to be a routine transfer of Ether from Bybit’s offline cold wallet to its hot wallet, rerouting about $1.5 billion in crypto to addresses they controlled. The FBI later confirmed the breach was carried out by North Korea’s state-sponsored Lazarus Group, marking the largest crypto heist on record.
