By Allium Research
Bybit Hack: How the Lazarus Group Exploited DeFi Protocols to Launder $400M
Crosschain analysis shows Lazarus leveraged DeFi protocols to launder funds
Bybit, the world’s second-largest exchange by trading volume, recently suffered the largest crypto hack in history. On February 21, 2025, North Korea’s Lazarus Group stole $1.46 billion in Ethereum tokens from Bybit and immediately began laundering the funds to cash out.
While many reports detailed how THORChain, ParaSwap, and token transfers were used to launder funds, we analyzed cross-chain DeFi & DEX activity to shed light on an untold part of the story: the Lazarus Group used DeFi aggregators to discreetly swap $386 million through DeFi protocols.
Though Lazarus laundered one-fifth of the stolen funds ($263M) through PancakeSwap alone, this is the first report on the Bybit hack to highlight the protocol (at the time of writing) and the role of aggregators. Allium’s cross-chain data enabled our wizards to track and visualize every transaction on Ethereum within five layers. Our analysis involved:
- 13,000 unique wallets,
- 127,000 transactions,
- With a cumulative volume of $12 billion,
- 5 hops away from the genesis node.
