Bybit Hack Funds Laundered Through Meme Coins on Pump.fun: A New Twist in Crypto Crime

Introduction

Details of the Laundering Scheme

The Bybit Hack Recap:

• Bybit, a top-tier crypto exchange, lost $1.4 billion in assets—primarily liquid-staked Ether (stETH) and Mantle Staked ETH (mETH)—from its Ethereum cold wallet. The attack, linked to North Korea’s Lazarus Group, exploited a malicious smart contract to spoof a legitimate transaction, draining funds to an unidentified address.

Pump.fun’s Role:

• Within 48 hours of the hack, blockchain investigator ZachXBT identified that an entity tied to the exploit launched and traded meme coins on Pump.fun. The process began with bridging $1.08 million in USDC from Solana to Binance Smart Chain (BSC), splitting it across 30+ addresses, and then funneling portions into Pump.fun token launches.
• One notable transaction saw 60 SOL (worth about $10,000) used to generate $27 million in trading volume via Pump.fun meme coins, amplifying the funds through speculative pumps before extraction—a classic wash-trading tactic.

Execution and Scale:

• The launderers created multiple low-value meme tokens, leveraging Pump.fun’s low-barrier, code-free launch system. These tokens were traded heavily to inflate volume, then dumped, with proceeds consolidated and sent to various exchanges and services. Posts on X highlight the strangeness of this approach, with one user noting, “As if this year could not get any more strange.”

Why Pump.fun?

Platform Mechanics:

• Pump.fun, launched in early 2024, has become a meme coin factory, enabling anyone to create Solana-based tokens for as little as $2. Its bonding curve model ensures instant tradability without seeding liquidity, making it a hotbed for rapid speculation—and, inadvertently, a tool for laundering.
• The platform’s $380 million revenue in 2024 and history of hosting volatile tokens (e.g., $TST’s $50 million pump) demonstrate its scale and appeal to both legitimate traders and bad actors.

A Perfect Cover:

• The high volume and chaotic trading of meme coins provide a smokescreen for illicit funds. Smaller transactions blend into the noise, while Pump.fun’s decentralized nature complicates immediate intervention, despite its team’s swift blocking of a suspected hacker-linked token after Bybit’s alert.

Implications and Responses

Bybit and Pump.fun’s Actions:

• Bybit CEO Ben Zhou confirmed the exchange’s solvency and offered a 10% bounty ($140 million) for fund recovery. On February 23, Bybit thanked Pump.fun’s team for blocking a token tied to the hack, per an X post at 9:49 CST, showcasing proactive collaboration.
• Pump.fun halted the suspect token’s activity, but its decentralized structure limits broader control, leaving the laundering underway across multiple addresses.

Security and Regulation:

• The incident amplifies calls for tighter exchange security and scrutiny of DeFi platforms. Japan’s recent move to block unregistered exchanges like Bybit from app stores (Crypto Briefing, June 2024) foreshadows potential regulatory crackdowns, though Pump.fun’s meme coin niche complicates enforcement.

Market Sentiment:

• Ethereum dropped 4% post-hack to $2,641, and Solana’s SOL faced selling pressure below $180 (Coinpedia, February 22). The laundering news hasn’t yet triggered a broader panic, but posts on X warn of heightened risks: “Not your keys, not your coins—and not your memecoin, not your money.”

Conclusion