Key Takeaways:
- ZachXBT criticizes DeFi protocols for ignoring transactions linked to North Korean hackers.
- Slow recovery of stolen funds highlights crypto ecosystem vulnerabilities.
- Bybit hack exposes serious flaws in cryptocurrency security measures and compliance.
Blockchain investigator ZachXBT has raised concerns over decentralized finance (DeFi) protocols ignoring transactions tied to North Korean hacking groups following the $1.4 billion Bybit hack. In a recent Telegram message, he criticized the industry’s failure to address illicit activities tied to the stolen funds from the February 2025 cyberattack, which was attributed to North Korea’s Lazarus Group.
ZachXBT’s investigation into the Bybit hack revealed troubling practices among certain DeFi protocols. According to his findings, several decentralized platforms allegedly derived nearly all of their monthly volume or fees from transactions linked to North Korean entities.
Despite this, these protocols have refused to acknowledge their role in potentially facilitating money laundering, raising questions about their commitment to compliance and security standards.
As ZachXBT continues to work with the LazarusBounty program to trace and recover stolen assets, he has voiced frustration with the slow response times from both decentralized and centralized platforms. In his Telegram post, he pointed out that centralized exchanges often take hours to respond to suspicious transactions, while illicit funds can be laundered in minutes.
His criticisms extend to Know Your Transaction (KYT) systems, which he deemed “flawed and easily evaded.” Additionally, he called Know Your Customer (KYC) requirements ineffective due to frequent breaches and compromised accounts.
Progress on Freezing Stolen Funds Remains Slow
Despite the ongoing efforts of bounty hunters and platforms, recovery remains slow. The LazarusBounty program, which offers a reward of up to $140 million for successfully frozen assets, has managed to freeze only 3.22% of the stolen funds, amounting to approximately $44.37 million. Although 89.96% of the stolen assets are currently being tracked, the remaining funds are still largely beyond reach.
ZachXBT’s dissatisfaction stems from the difficulty in converting knowledge of stolen funds into actual freezes. Even when hackers are identified and funds traced, the process of halting these transactions has proven challenging.
Bybit Hack Highlights Vulnerabilities in the Crypto Ecosystem
The Bybit hack, executed by the Lazarus Group using social engineering tactics, exposed serious vulnerabilities in cryptocurrency platforms’ security measures. The hack targeted flaws in the Safe Wallet software used by Bybit, manipulating the multi-signature transaction process to redirect funds to North Korean operatives. ZachXBT’s observations underscore the technical sophistication of the hackers, who were able to launder at least $160 million within the first 48 hours of the attack.
This hack is part of a broader trend of state-sponsored cyberattacks aimed at exploiting cryptocurrency platforms to fund North Korea’s nuclear and missile programs. The Lazarus Group has been linked to several similar operations over the years, underscoring the growing threat to the global crypto ecosystem.