Bybit exploit six months on: Novel laundering tactics, techniques and procedures and the looming threat of DPRK

2025-08-21 Elliptic

https://www.elliptic.co/blog/bybit-exploit-six-months-on

Elliptic describes the February 2025 Bybit exploit as a North Korean act in which about $1.46 billion in ETH and ERC-20 tokens were transferred to an attacker-controlled address. Six months later, laundering had moved more than $1 billion through rapid multi-chain flows, bridges, mixers, CoinJoin services, refund-address abuse, lesser-known blockchains and fee-reduction tactics. The laundering differed from some previous DPRK-attributed thefts through heavier use of Wasabi Wallet and a broader set of mixers, plus a token-liquidity-pool technique that used newly created worthless tokens to obscure at least $24 million in stolen funds. Elliptic also notes suspected cash-out through Chinese OTC services after funds reached Tron as USDT, and frames the case alongside continuing DPRK crypto threats involving embedded IT workers, malicious video-call lures and fake developer job tests.

Indicators of Compromise

Type    Value     First Seen  Last Seen
DOMAIN  yomix.io  2025-08-21  2025-08-21
