
Lazarus Group Continues to Utilize eXch for Money Laundering, Despite Bybit’s Request to Halt Transactions

Blockchain research firm Elliptic has revealed that the Lazarus Group, a North Korean cybercriminal organization, has laundered stolen cryptocurrency from the recent Bybit hack through the exchange eXch. The hack resulted in the theft of around $1.5 billion worth of Ethereum (ETH) and Lido Staked Ether (stETH) from the platform. This attack is considered the largest crypto hack ever and potentially the biggest heist in history.

Elliptic, along with pseudonymous on-chain investigator ZachXBT and other researchers, has identified the Lazarus Group as the culprit behind the exploit. The group is notorious for its involvement in various high-profile hacks on major crypto platforms.

Elliptic’s analysis reveals that Lazarus typically follows a specific money-laundering process. First, the stolen tokens are exchanged for a native blockchain asset like Ethereum, as ETH cannot be frozen by a central authority. Subsequently, the cybercriminal outfit “layers” the stolen funds through multiple wallets, exchanges, cross-chain bridges, and crypto mixers to obscure the transaction trail.

Elliptic confirms that Lazarus is currently in the second step of this process. The stolen funds were initially sent to 50 different wallets within two hours of the theft, each holding approximately 10,000 ETH. As of February 24, 1pm UTC, 14.5% of the stolen assets (worth $195 million) have been moved from these wallets. Once moved out of these wallets, the funds are being laundered through various services, including decentralized exchanges (DEXs), cross-chain bridges, and centralized exchanges.

However, one particular service, eXch, has emerged as a major facilitator of this money laundering. eXch is a cryptocurrency exchange known for allowing its users to swap cryptoassets anonymously. Despite attempts to conceal its involvement, Elliptic’s analysis shows that over $75 million worth of crypto assets stolen from Bybit have been exchanged using eXch since the hack.

Bybit has made direct requests to eXch to block this activity, but the exchange has refused to do so. Over the weekend, eXch denied allegations of laundering crypto for Lazarus on the BitcoinTalk forum, although it did admit to processing a small portion of the stolen Bybit funds.

Bybit CEO Ben Zhou has stated that the firm has restored a 1:1 backing on all client assets following the hack, and the exchange has announced the full restoration of its services.