Crypto assets worth $1,5-billion stolen from Dubai-based Bybit are being steadily laundered into Bitcoin through a series of exchanges.

The heist, which the FBI is attributing to North Korean nation-state actors, saw assets including 401 347 Ether tokens lifted from a Bybit multisignature cold wallet.

A cold wallet is held offline, which is thought to make it more secure.

The $1,5-billion heist is believed to be the biggest theft ever, surpassing the $1-billion that Saddam Hussein stole from the Iraqi Central Bank before the 2003 Iraq War, and dwarfing the next-biggest crypto theft of $611-million from Poly Network in 2021.

Ben Zhou, CEO and co-founder of Bybit, has released a full report into the hack, produced by Sygnia Labs.

It appears that two downloads of malicious code took place on 18 February, the first containing transfer logic and the second implementing withdrawal capabilities.

On 21 February, the attacker successfully created a multi-signature transaction involving three signers, including the CEO of Bybit. This transaction upgraded Bybit’s multi-signature contract for the cold wallet, pointing it to a malicious contract that had been deployed earlier.

The attacker then used backdoor functions in the malicious contract to drain the wallet.

About half the assets are believed to have been laundered so far.

The FBI has called on private sector entities, including RPC node operators, exchanges and DeFi services, to block transactions with the addresses the actors are using to launder the stolen assets.

Zhou has moved quickly to calm investors’ fears, saying the exchange is solvent and clients’ funds are safe.