Original source: Beosin
On the evening of February 21, 2025, the cryptocurrency trading platform Bybit suffered a massive hacker attack, with more than 400,000 ETH and stETH with a total asset value of more than $1.5 billion being transferred to an unknown address. This incident not only shocked the entire cryptocurrency industry, but also once again triggered deep thinking about anti-money laundering (AML) and the security of decentralized financial platforms.
Just today, Beosin Trace detected that the Infini project was also attacked, with an estimated loss of 50 million US dollars. The incident is currently under investigation. At present, the Infini hacker has exchanged 49.5 million DAI for about 17,700 ETH and transferred it to the new address 0xfcc8a...6e49 .
In the Bybit incident, as hackers laundered money through cross-chain exchange platforms and DeFi protocols, how to effectively track and intercept these illegal funds has become the focus of industry attention.
Bybit Incident Review: Hacker Attack and Money Laundering
On the evening of February 21, Beijing time, the Bybit platform was hacked, and the attacker successfully transferred ETH and stETH worth more than $1.5 billion. Subsequently, the hacker began to exchange the stolen assets into other cryptocurrencies (such as BTC) through cross-chain exchange platforms such as Chainflip, THORChain, LiFi, DLN, eXch, and DeFi protocols, trying to cover their tracks through complex fund flow paths.
Although Bybit officials took quick action after the incident and cooperated with multiple parties to freeze part of the stolen funds (a total of 42.89 million US dollars), the hacker moved the funds very quickly and laundered them through multiple addresses and cross-chain protocols, which made tracking and interception far harder. As of February 24, 2025, BeosinTrace observed that the hacker was still transferring assets, with funds flowing to OKX DEX, Thorchain:Router and other cross-chain protocols.
The Dilemma of Anti-Money Laundering in the Crypto Industry
Hackers use the liquidity of cross-chain exchange platforms and DeFi protocols to disperse funds across multiple addresses and blockchain networks, making it difficult for traditional blacklist mechanisms and simple fund tracking tools to cope with them. The following are the main challenges currently facing the anti-money laundering field:
1. Complexity of cross-chain transfers
Hackers transfer stolen assets to other blockchain networks through cross-chain exchange platforms (such as THORChain and Chainflip), making funds harder to track. The anonymity and decentralization of cross-chain technology make the flow of funds more hidden, and traditional anti-money laundering tools struggle to cover multi-chain environments.
2. Address dispersion and rapid change
Hackers use a large number of new addresses to transfer funds, and the traditional blacklist mechanism cannot be updated in time, resulting in some funds successfully escaping monitoring. In addition, hackers can automatically generate new addresses in batches through scripts, further increasing the complexity of tracking.
3. Anonymity of DeFi protocols
The anonymity and decentralization of DeFi platforms make it easy for hackers to exploit these protocols to transfer funds. For example, hackers can convert funds from decentralized exchanges (DEX) into other currencies and spread them to multiple addresses, making it difficult for compliance personnel to distinguish between normal transactions and illegal transactions.
4. Abuse of non-KYC exchanges
According to The Block, the KYC-free centralized exchange eXch was accused of assisting hackers in money laundering in the Bybit incident. Although eXch denied the accusation, its ETH trading volume has surged abnormally after the incident, from the usual 800 ETH to 20,000 ETH in the past 24 hours. The eXch team admitted that "a small part of the funds from the Bybit hacker attack ended up in our address", but called the transfer "an isolated case". This incident highlights the lack of anti-money laundering measures in KYC-free exchanges.
How to build a firewall for decentralized platforms
Faced with increasingly sophisticated hacker attacks and money laundering, DeFi platforms need more powerful tools to identify and intercept risky funds. Anti-money laundering and fund tracking tools designed specifically for the blockchain industry, such as KYT (Know Your Transaction), can help platforms deal with challenges like those seen in the Bybit incident. The following are several key measures for building a firewall for DeFi platforms:
1. Automated risk capital identification and tracking
In the Bybit incident, the hackers relied on cross-chain exchange platforms and DeFi protocols to transfer funds. The liquidity pools of these platforms often contain a large amount of funds from normal users. If every related platform is marked as risky, compliance personnel will face a large number of false positives, which interferes with normal anti-money laundering work. KYT tools can automatically identify the source of funds flowing into these addresses and mark only the hacker-related ones as high-risk, helping the platform freeze the related assets in time. For example, Beosin KYT tracks the flow of funds in real time through intelligent algorithms and on-chain data analysis, identifies addresses and transactions related to the hackers, and ensures that risky funds cannot escape monitoring.
2. Accurately identify risky funds in cross-chain and DeFi transactions
Hackers use the liquidity pools of cross-chain exchange platforms and DeFi protocols to transfer funds, making it difficult for compliance personnel to distinguish between normal transactions and illegal transactions. Traditional anti-money laundering tools often cannot accurately identify risky funds in these complex transactions. KYT tools use intelligent algorithms to accurately identify risky funds in cross-chain and DeFi transactions without misjudging the normal funds in a liquidity pool as risky. For example, in the Bybit incident the hackers used THORChain and OKX DEX to transfer funds; Beosin KYT can automatically trace funds back through these protocols to their source and identify the hacker-related transactions without interfering with the funds of normal users.
Beosin KYT product screenshots
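The two measures above come down to one tracing rule: carry taint through a DEX or bridge router per transaction rather than treating the router as an ordinary address, so the router and the normal users behind its pool are never flagged. The following is an added illustration of that rule (not Beosin's code or a description of how Beosin KYT works); the transfers, addresses and router labels are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample transfers (tx_hash, sender, receiver, value), chronological order.
# Addresses are placeholders, not real on-chain data. A swap through a router shows up
# as two legs sharing one tx hash: value in, then value out to the swap recipient.
SAMPLE = [
    ("tx1", "0xhacker", "0xhop1", 100.0),
    ("tx2", "0xhop1", "0xhop2", 60.0),
    ("tx3", "0xuser", "0xdexrouter", 500.0), ("tx3", "0xdexrouter", "0xuser", 498.0),      # normal user swap
    ("tx4", "0xhop2", "0xdexrouter", 60.0), ("tx4", "0xdexrouter", "0xhop3", 59.0),        # stolen funds swapped
    ("tx5", "0xhop1", "0xbridgerouter", 40.0), ("tx5", "0xbridgerouter", "0xhop4", 39.5),  # stolen funds bridged
    ("tx6", "0xclean", "0xhop3", 41.0),  # clean deposit dilutes hop3
]
# Hypothetical protocol-contract labels: taint is carried through these per tx and the
# contract itself is never scored, so pooled funds of normal users are not flagged.
PASS_THROUGH = {"0xdexrouter", "0xbridgerouter"}

def trace_taint(transfers, seeds, pass_through=PASS_THROUGH, threshold=0.01):
    """Return {address: taint fraction >= threshold}; the fraction is the share of an
    address's total inflow that traces back to the seed (hacker) addresses."""
    tainted_in, total_in = defaultdict(float), defaultdict(float)
    taint = {a: 1.0 for a in seeds}
    by_tx = defaultdict(list)
    for t in transfers:
        by_tx[t[0]].append(t)
    for legs in by_tx.values():  # insertion order keeps the chronological order
        # tainted value entering a router in this tx is attributed only to this tx's outputs
        carried = sum(amt * taint.get(src, 0.0) for _, src, dst, amt in legs if dst in pass_through)
        out_total = sum(amt for _, src, _, amt in legs if src in pass_through)
        for _, src, dst, amt in legs:
            if dst in pass_through:
                continue  # never score the protocol contract itself
            if src in pass_through:
                t_amt = carried * amt / out_total if out_total else 0.0
            else:
                t_amt = amt * taint.get(src, 0.0)
            tainted_in[dst] += min(t_amt, amt)
            total_in[dst] += amt
            if dst not in seeds:
                taint[dst] = tainted_in[dst] / total_in[dst]
    return {a: round(f, 4) for a, f in taint.items() if f >= threshold}

if __name__ == "__main__":
    print(trace_taint(SAMPLE, {"0xhacker"}))
    # Naive variant: routers scored like any address, so the DEX router itself is flagged
    # and the stolen funds leaving it are diluted by the pool's normal deposits.
    print(trace_taint(SAMPLE, {"0xhacker"}, pass_through=set()))
```

With the router rule, 0xhop3 scores 0.59 (59 stolen of 100 received) and neither router nor 0xuser is flagged; the naive run flags 0xdexrouter and drops 0xhop3 to about 0.06.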
3. Labeling and monitoring of high-risk exchanges and addresses
In the Bybit incident, hackers transferred funds through multiple addresses and cross-chain protocols. The traditional blacklist mechanism could not be updated in time, resulting in some funds successfully escaping monitoring. Beosin KYT has marked some high-risk exchanges and addresses based on the transaction pattern of this incident. By monitoring these high-risk addresses in real time, the platform can take quick action to freeze related assets and prevent hackers from further transferring funds.
4. Collaborative defense: sharing risk address information
The path hackers use to transfer funds usually spans multiple platforms and protocols, and the anti-money laundering measures of a single platform are often unable to cope with such complex fund flows. We call on the teams behind on-chain decentralized protocols, as well as off-chain exchange platforms, to share hacker-related address information through a dedicated internal channel. This collaborative defense mechanism helps platforms block hackers' fund flows in time and freeze the related assets. For example, when BeosinTrace detects that the hacker address 0xfc926659dd8808f6e3e0a8d61b20b871f3fa6465 has started transferring assets, the relevant platform can immediately freeze the funds at that address to prevent further flow.
Last words
These security incidents once again remind us that decentralized platforms still face huge challenges in security and anti-money laundering. Hackers use cross-chain exchange platforms and DeFi protocols to transfer funds, making it difficult for traditional blacklist mechanisms and simple fund tracking tools to cope with them. Anti-money laundering is not only a regulatory requirement, but also the cornerstone of sustainable development in the crypto space. Only through technological innovation and industry collaboration can we truly achieve the goal of "building a firewall together" and provide safer digital asset services to global users.
