Thomas20Roccia20-20WhereE28099s20My20Crypto2C20Dude20The20Ultimate_DRjKi72.pdf (56 MB)

The DEF CON material uses the February 2025 Bybit theft as a case study for tracing large-scale cryptocurrency laundering after a manipulated transaction changed the Safe wallet execution path and enabled attacker-controlled transfers. It describes rapid conversion of tokenized assets into ETH, dispersal across dozens and then thousands of wallets, cross-chain movement into Bitcoin and Tron, and use of DEXs, bridges, no-KYC exchanges, mixers, CoinJoin, and OTC networks. The excerpt highlights investigative opportunities such as clustering similar gas and timing patterns, monitoring bridge events, reconstructing DEX swap paths, matching eXch deposit and withdrawal flows, and correlating ETH-to-BTC movements. DPRK-specific content is limited to tracking guidance that recommends labeling known DPRK wallets and watching bridge activity, so the material is most useful as laundering tradecraft context rather than a standalone attribution source.