Hacker Converts Stolen ETH to DAI on DEXs, Bypassing Freeze Function

The hacker behind the $1.4 billion Bybit incident has been spotted converting stolen Ether (ETH) into Dai (DAI) using decentralized exchanges (DEXs). According to blockchain records, an address associated with the hacker has interacted with platforms such as Sky (formerly MakerDAO), Uniswap, and OKX DEX. The hacker sent approximately $3.64 million worth of ETH to an address, which was then used to swap ETH for DAI.

DAI, a stablecoin, lacks a freeze function, making it an attractive option for cybercriminals. Unlike centralized stablecoins like USDt (USDT) and USD Coin (USDC), DAI cannot be frozen by a centralized issuer. The hacker appears to be splitting the DAI holdings into multiple addresses, with some funds being deposited into non-KYC cryptocurrency exchange eXch and others being swapped back to ETH.

eXch has been the subject of controversy since the Bybit hack, as it refuses to freeze funds related to the exploit. In contrast, other exchanges and protocols have provided assistance to Bybit, including freezing addresses involved in the hack or offering loans to cover losses. Tether CEO Paolo Ardoino announced that the company had frozen $181,000 in USDT associated with the Bybit hack, but some tokens have slipped through.

Onchain investigator ZachXBT has identified North Korean state-sponsored hacking group Lazarus as the prime suspect in the Bybit hack. The investigator found a common address used by the Bybit hacker in previous attacks on Phemex and BingX, both attributed to Lazarus. eXch has denied laundering money for Lazarus or North Korea, but a member of the white hat group Security Alliance estimates that eXch laundered approximately $30 million for the hackers on Feb. 22.